公开(公告)号：US07353389B2

公开(公告)日：2008-04-01

申请号：US10819545

申请日：2004-04-07

申请人： Richard M. DeFuria ,  Gary H. Newman

发明人： Richard M. DeFuria ,  Gary H. Newman

IPC分类号： G06F9/00

CPC分类号： G06F8/64 ,  G06F8/65

摘要： A Computer Information Database System includes a software update and patch audit subsystem that manages computer profile data using system grouping and audit specification criteria. The subsystem thus selects a particular group of computers using the grouping criteria, and further selects from within the group the computers that pass or fail the applicable audit requirements. A given computer passes the requirements if the computer has installed thereon the specified software updates and patches that are applicable to the computer operating system platform. Otherwise, the computer fails. The audit subsystem may instead select particular computers using the audit specification criteria and then using the grouping criteria further select the subset of these computers that belong to a particular group. Further, the audit specification criteria may be set differently for the respective groups. Also, the grouping criteria and/or the security audit criteria may change without adversely impacting the operations of the subsystem. The audit system uses database tables and views that include value-to-match fields for either or both of the grouping and the audit specification criteria, and also software update or patch specific information and/or operating system specific information. One table includes group and operating system information for the respective computers, another table includes entries for the respective updates and patches that are installed on the respective computers, and another table includes entries that together specify the security audit specifications for the respective groups. Using the tables, the system produces views that relate, for example, to failing computers, what updates or patches the respective failing computers are missing, which or how many computers are failing within a particular group.

摘要翻译： 计算机信息数据库系统包括使用系统分组和审计规范标准管理计算机简档数据的软件更新和修补程序审计子系统。 因此，子系统使用分组标准选择特定的计算机组，并且进一步从组内选择通过或不合适的审计要求的计算机。 如果计算机上安装了适用于计算机操作系统平台的指定的软件更新和修补程序，则给定的计算机会传递要求。 否则，计算机将失败。 审计子系统可以使用审计规范标准来选择特定的计算机，然后使用分组标准进一步选择属于特定组的这些计算机的子集。 此外，可以针对各个组设置不同的审计规范标准。 此外，分组标准和/或安全审核标准可以改变而不会不利地影响子系统的操作。 审计系统使用数据库表和视图，包括分组和审计规范标准中的一个或两个的值到匹配字段，以及软件更新或补丁特定信息和/或操作系统特定信息。 一个表格包括各个计算机的组和操作系统信息，另一个表包括安装在相应计算机上的相应更新和修补程序的条目，另一个表包括一起指定各个组的安全审核规范的条目。 使用这些表，系统会生成与例如计算机故障相关的视图，哪些更新或修补相应的故障计算机丢失，哪些或多少计算机在特定组内发生故障。

公开(公告)号：US08225409B2

公开(公告)日：2012-07-17

申请号：US11387424

申请日：2006-03-23

申请人： Gary H. Newman ,  Richard M. DeFuria

发明人： Gary H. Newman ,  Richard M. DeFuria

IPC分类号： G06F21/00

CPC分类号： H04L63/105 ,  G06F21/10 ,  G06F21/46 ,  G06F21/50 ,  G06F21/577 ,  G06F2221/2101 ,  H04L63/1433 ,  H04L63/20

摘要： A security control verification and monitoring subsystem of a managed computer system performs security control verification operations regularly and for each security control verification operation determines the applicable security benchmark level for use by a given computer. The subsystem assigns security risk categories to groups of computers based, for example, on overall system or group administrator supplied potential impact settings and/or system type and business or information type selections. The subsystem further associates the security risk categories with security benchmark levels based on mapping information supplied by the overall system or group administrator. The subsystem then directs the computer to benchmark definition files based on the assigned security risk category, the associated security benchmark level and attributes of the computer. The subsystem performs the security control verification operations whenever the computer performs computer profile data update operations, and thus, monitors essentially continuously the security control compliance of the computer. The subsystem stores the results of the security verification operations and includes the results in reports for the system, group or computer.

摘要翻译： 被管理计算机系统的安全控制验证和监视子系统定期执行安全控制验证操作，并且对于每个安全控制验证操作确定给定计算机使用的适用的安全基准级别。 子系统将安全风险类别分配到例如基于总体系统或组管理员提供的潜在影响设置和/或系统类型和业务或信息类型选择的计算机组。 该子系统还基于由整个系统或组管理员提供的映射信息来将安全风险类别与安全性基准级相关联。 子系统然后根据指定的安全风险类别，相关的安全基准级别和计算机的属性，将计算机引导到基准定义文件。 每当计算机执行计算机配置文件数据更新操作时，子系统执行安全控制验证操作，从而基本上持续监控计算机的安全控制合规性。 子系统存储安全验证操作的结果，并将结果包含在系统，组或计算机的报告中。