Techniques for reconciling permission usage with security policy for policy optimization and monitoring continuous compliance
In one aspect, a method for managing a security policy having multiple policy items includes the steps of: (a) mapping permissions to the policy items which apply to usage of the permissions so as to determine which of the permissions are granted to groups of users by each of the policy items; (b) i...
Saved in:
Main Authors | , , , |
---|---|
Format | Patent |
Language | English |
Published |
26.01.2016
|
Subjects | |
Online Access | Get full text |
Cover
Loading…
Summary: | In one aspect, a method for managing a security policy having multiple policy items includes the steps of: (a) mapping permissions to the policy items which apply to usage of the permissions so as to determine which of the permissions are granted to groups of users by each of the policy items; (b) identifying at least one of the policy items mapped in step (a) that is in violation of least privilege based on a comparison of an actual permission usage with the security policy; (c) identifying at least one of the policy items mapped in step (a) that increases operational risk; (d) verifying that policy constructs in the security policy are consistent with policy constructs inferred from the actual permission usage; and (e) identifying optimizations of the security policy based on output from one or more of steps (a)-(d). |
---|---|
Bibliography: | Application Number: US201313904350 |