17990667. CYBERSECURITY INSIDER RISK MANAGEMENT simplified abstract (Microsoft Technology Licensing, LLC)
Contents
- 1 CYBERSECURITY INSIDER RISK MANAGEMENT
- 1.1 Organization Name
- 1.2 Inventor(s)
- 1.3 CYBERSECURITY INSIDER RISK MANAGEMENT - A simplified explanation of the abstract
- 1.4 Simplified Explanation
- 1.5 Potential Applications
- 1.6 Problems Solved
- 1.7 Benefits
- 1.8 Potential Commercial Applications
- 1.9 Possible Prior Art
- 1.10 Original Abstract Submitted
CYBERSECURITY INSIDER RISK MANAGEMENT
Organization Name
Microsoft Technology Licensing, LLC
Inventor(s)
Erin K. Miyake of Seattle WA (US)
Robert Mccann of Snoqualmie WA (US)
Maria Siddiqui of Seattle WA (US)
Ashish Mishra of Bothell WA (US)
Talhah Munawar Mir of Bothell WA (US)
Sakshi Mittal of Seattle WA (US)
Jovan Kalajdjieski of Vancouver (CA)
Diego Ruvalcaba of Kirkland WA (US)
CYBERSECURITY INSIDER RISK MANAGEMENT - A simplified explanation of the abstract
This abstract first appeared for US patent application 17990667 titled 'CYBERSECURITY INSIDER RISK MANAGEMENT
Simplified Explanation
Some embodiments help manage cybersecurity insider risk. An authorized user influence pillar value is based on an influence signal representing the user's actual or potential influence in a computing environment. An authorized user access pillar value is based on an access signal representing the user's actual or potential access to resources. An impact risk value is calculated as a weighted combination of the pillar values. In response, an embodiment automatically adjusts a cybersecurity characteristic, such as a security risk score, security group membership, threat detection mechanism, or alert threshold. In some cases, impact risk is also based on a cumulative potential exfiltration anomaly access signal. In some cases, impact risk is based on one or more values which represent user public visibility, user social network influence, brand damage risk, resource mission criticality, access request response speed or success rate, or a known cybersecurity attack.
- Insider risk management in cybersecurity
- Calculation of impact risk based on user influence and access signals
- Automatic adjustment of cybersecurity characteristics in response to calculated risk
- Consideration of various factors in determining impact risk, such as exfiltration anomaly access signal and user public visibility
Potential Applications
This technology could be applied in industries where insider threats are a concern, such as finance, healthcare, and government.
Problems Solved
This technology helps organizations proactively manage cybersecurity risks posed by authorized users with varying levels of influence and access.
Benefits
- Improved cybersecurity risk management - Enhanced protection against insider threats - Automatic adjustment of security measures based on calculated risk
Potential Commercial Applications
Enhancing cybersecurity solutions for businesses Optimizing security measures for government agencies Improving data protection in healthcare organizations
Possible Prior Art
One possible prior art could be the use of user behavior analytics in cybersecurity to detect insider threats. Another could be the implementation of access control mechanisms based on user roles and permissions.
What are the limitations of this technology in managing cybersecurity insider risk?
The technology may face challenges in accurately assessing the actual influence and access of authorized users, leading to potential misjudgments in calculating impact risk.
How does this technology compare to existing cybersecurity solutions for insider threat management?
This technology offers a more dynamic and automated approach to managing insider risk by considering a wide range of factors beyond just user access permissions. Existing solutions may focus more on static access control measures rather than adaptive risk assessment.
Original Abstract Submitted
Some embodiments help manage cybersecurity insider risk. An authorized user influence pillar value is based on an influence signal representing the user's actual or potential influence in a computing environment. An authorized user access pillar value is based on an access signal representing the user's actual or potential access to resources. An impact risk value is calculated as a weighted combination of the pillar values. In response, an embodiment automatically adjusts a cybersecurity characteristic, such as a security risk score, security group membership, threat detection mechanism, or alert threshold. In some cases, impact risk is also based on a cumulative potential exfiltration anomaly access signal. In some cases, impact risk is based on one or more values which represent user public visibility, user social network influence, brand damage risk, resource mission criticality, access request response speed or success rate, or a known cybersecurity attack.
- Microsoft Technology Licensing, LLC
- Erin K. Miyake of Seattle WA (US)
- Sudarson Tm of Bangalore (IN)
- Robert Mccann of Snoqualmie WA (US)
- Maria Siddiqui of Seattle WA (US)
- Ashish Mishra of Bothell WA (US)
- Talhah Munawar Mir of Bothell WA (US)
- Sakshi Mittal of Seattle WA (US)
- Jovan Kalajdjieski of Vancouver (CA)
- Diego Ruvalcaba of Kirkland WA (US)
- H04L9/40