Enhanced Recertification Decision

IP.com Disclosure Number: IPCOM000250255D
Publication Date: 2017-Jun-19
Document File: 3 page(s) / 81K

Publishing Venue

The IP.com Prior Art Database

Abstract

Disclosed is a method for enhancing system access recertification decisions based on actual access usage and patterns including historical and comparative access activities.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 52% of the total text.

Enhanced Recertification Decision

Managers and resource owners regularly receive tasks for revalidation of access to various system resources for specific users. This human activity can only be done if the decision maker has the appropriate information available. The traditional approach focuses on access based on need and, more specifically, assumed need; managers and resource owners assume a user's need for access based on business activities. However, these activities may not be granular enough to indicate whether the user actually utilizes the granted access.

A method is needed to show how the actual usage information can be incorporated into the decision-making process.

The novel contribution is a method to improve the decision-making process during an access recertification event by providing the decision maker with additional information about the access owner’s actual access usage history.

Auditing access decisions for reporting and forensic analysis is a common process, and this data is usually widely available in the security community. A recertification campaign includes collecting the following data and making it available for analysis:

- Accessing User Id
- Accessed Resource
- Access Date
- Access Duration

During the preparation and initiation of a recertification campaign, a system extracts this data from the auditing and reporting tools, analyzes it, and prepares it for inclusion to the campaign data.

The analysis occurs at various levels, beginning with a basic usage analysis for the current reporting period. For this, the system determines and generates the following data:

- Usage Count: the number of times a user has accessed the resource
- Usage Time: the total usage time of the resource; how long a user used the resource
- Average Usage Time: the average time per access

The system uses this access pattern for a resource and user combination to perform a comparative analysis with the access patterns of similar users on the same resource. It performs this comparison between users reporting to the same manager or having the same basic access justification or approver. This comparison is scalable to include users from other managers in the same role.

For this comparative analysis, the system generates the following data:

- Comparative Usage Count: compare the number of access operations performed by this user to other users within the same team or expande...
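As an added illustration, not part of the disclosure itself, the following Python sketch implements the basic usage analysis (usage count, usage time, average usage time per user and resource for the reporting period) and the peer comparison described above. The audit record layout, the entitlement table keyed by approving manager, and the `unused` flag for entitlements with no access in the period are assumptions made for the example.

```python
from collections import defaultdict
from datetime import date
from statistics import mean

# Constructed audit records: (accessing user id, accessed resource, access date, duration in minutes).
AUDIT_RECORDS = [
    ("alice", "hr-db", date(2017, 5, 2), 30),
    ("alice", "hr-db", date(2017, 5, 9), 45),
    ("alice", "hr-db", date(2017, 5, 16), 15),
    ("bob",   "hr-db", date(2017, 5, 3), 60),
    ("carol", "hr-db", date(2017, 5, 4), 20),
    ("carol", "hr-db", date(2017, 5, 11), 40),
    ("dave",  "hr-db", date(2017, 4, 20), 100),  # before the reporting period: not counted
]
# Constructed entitlement list: (user, resource) -> approving manager (assumed peer-group key).
ENTITLEMENTS = {("alice", "hr-db"): "mgr-1", ("bob", "hr-db"): "mgr-1",
                ("carol", "hr-db"): "mgr-1", ("dave", "hr-db"): "mgr-2"}
REPORT_START, REPORT_END = date(2017, 5, 1), date(2017, 5, 31)
NO_USAGE = {"usage_count": 0, "usage_time": 0, "average_usage_time": 0}

def usage_stats(records, period_start, period_end):
    """Basic usage analysis: count, total time and average time per (user, resource)."""
    durations = defaultdict(list)
    for user, resource, day, minutes in records:
        if period_start <= day <= period_end:
            durations[(user, resource)].append(minutes)
    return {key: {"usage_count": len(d), "usage_time": sum(d), "average_usage_time": mean(d)}
            for key, d in durations.items()}

def recertification_view(entitlements, stats):
    """Comparative analysis: put each entitlement's own usage next to the average usage
    count of peers holding the same resource under the same manager; flag zero usage."""
    peers = defaultdict(list)
    for (user, resource), manager in entitlements.items():
        peers[(resource, manager)].append(user)
    view = {}
    for (user, resource), manager in entitlements.items():
        own = stats.get((user, resource), NO_USAGE)
        others = [stats.get((p, resource), NO_USAGE)["usage_count"]
                  for p in peers[(resource, manager)] if p != user]
        view[(user, resource)] = {**own,
                                  "peer_average_usage_count": mean(others) if others else 0.0,
                                  "unused": own["usage_count"] == 0}
    return view

def build_report():
    """Campaign preparation step: analyse the audit data and return it per entitlement."""
    return recertification_view(ENTITLEMENTS, usage_stats(AUDIT_RECORDS, REPORT_START, REPORT_END))

if __name__ == "__main__":
    for key, row in sorted(build_report().items()):
        print(key, row)
```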