-
Publication No.: US11537602B2
Publication date: 2022-12-27
Application No.: US15930273
Filing date: 2020-05-12
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventor: Muhammed Fatih Bulut, Arun Kumar, Kuntal Dey, Constantin Mircea Adam, Milton H. Hernandez
IPC: G06F16/242, G06F40/30, G06N20/00, G06F16/28, G06F16/23, G06F40/284
Abstract: Computer implemented reconstruction of compliance mapping due to an update in a regulation in the compliance mapping by a computing device includes comparing a first version of a regulation in the compliance mapping to a second, updated version of the first regulation. A change in the second version with respect to the first version is identified. The change may be an added control description, a deleted control description, or an updated control description. Upon determining that the change is an updated control description, the updated control description is analyzed to determine a type of update. The mapping of the regulation is reconstructed based on the change and, if the change is an updated control description, the type of update, using at least one of natural language processing and/or machine learning. The risk of the reconstructed mapping is assessed, and a service owner is notified about the risk of the changes.
-
Publication No.: US20200380444A1
Publication date: 2020-12-03
Application No.: US16425372
Filing date: 2019-05-29
Applicant: International Business Machines Corporation
Inventor: Aswin Kannan, Arun Kumar, Leo Kluger
Abstract: Methods, systems, and computer program products for determining collaborative enterprise decisions based on regulatory impacts are provided herein. A computer-implemented method includes generating, for each one of multiple target entities within an enterprise, impact functions pertaining to entity-specific impacts of a regulation on one or more impact factors; producing weighted impact functions by applying, to the generated impact functions, weights determined by the multiple target entities; calculating a combined enterprise impact attributed to the regulation by combining the weighted impact functions via one or more algorithms; determining a single collaborative enterprise policy for complying with the regulation based at least in part on the combined enterprise impact; and outputting the collaborative enterprise policy to the multiple target entities within the enterprise.
-
Publication No.: US20190286741A1
Publication date: 2019-09-19
Application No.: US15922720
Filing date: 2018-03-15
Applicant: International Business Machines Corporation
Inventor: Arvind Agarwal, Vitobha Munigala, Riddhiman Dasgupta, Arun Kumar
Abstract: One embodiment provides a method, including: obtaining at least two documents, wherein one of the at least two documents comprises a different revision of another of the at least two documents; identifying a structure of each of the at least two documents by parsing each of the at least two documents to extract text from each of the at least two documents; aligning sections of the at least two documents, wherein the aligning comprises matching a section from one of the at least two documents and a corresponding section from another of the at least two documents; identifying at least one difference between the at least two documents; assigning a semantic label to the identified at least one difference; and providing a summary of the identified at least one difference by compressing the text surrounding the identified at least one difference using the assigned semantic label.
-
Publication No.: US12130927B2
Publication date: 2024-10-29
Application No.: US17186445
Filing date: 2021-02-26
Applicant: International Business Machines Corporation
Inventor: Arun Kumar, Sneha Mondal, Simon Metson, Mandy Hinton
IPC: G06F21/57, G06F16/2457, G06F16/248, G06F16/93, G06N20/00
CPC classification number: G06F21/577, G06F16/24578, G06F16/248, G06F16/93, G06N20/00, G06F2221/034
Abstract: Methods, systems, and computer program products for incremental regulatory compliance are provided herein. A computer-implemented method includes obtaining at least one first document indicative of a first set of requirements, at least one second document indicative of a second set of requirements, and a baseline document indicative of one or more security controls currently implemented in a system architecture; performing a document comparison between the at least one first document, the at least one second document, and the baseline document to identify overlapping requirements across the first set and the second set that are not satisfied by the one or more security controls; and recommending at least one additional security control to be implemented in said system architecture for satisfying at least one of the identified overlapping requirements.
-
Publication No.: US20220277082A1
Publication date: 2022-09-01
Application No.: US17186445
Filing date: 2021-02-26
Applicant: International Business Machines Corporation
Inventor: Arun Kumar, Sneha Mondal, Simon Metson, Mandy Hinton
IPC: G06F21/57, G06F16/93, G06F16/2457, G06F16/248, G06N20/00
Abstract: Methods, systems, and computer program products for incremental regulatory compliance are provided herein. A computer-implemented method includes obtaining at least one first document indicative of a first set of requirements, at least one second document indicative of a second set of requirements, and a baseline document indicative of one or more security controls currently implemented in a system architecture; performing a document comparison between the at least one first document, the at least one second document, and the baseline document to identify overlapping requirements across the first set and the second set that are not satisfied by the one or more security controls; and recommending at least one additional security control to be implemented in said system architecture for satisfying at least one of the identified overlapping requirements.
-
Publication No.: US20230177435A1
Publication date: 2023-06-08
Application No.: US17541344
Filing date: 2021-12-03
Applicant: International Business Machines Corporation
Inventor: Anca Sailer, Christopher John Butler, Arun Kumar, Malgorzata Steinder
CPC classification number: G06Q10/0635, G06Q10/0637, G06F21/57, G06F2221/034
Abstract: A method, apparatus and computer program product for automated security and regulatory compliance in association with an enterprise. A set of security and compliance controls that operate in association with the enterprise are provided. One or more compliance policies that are enforced by the set of security and compliance controls are encapsulated according to a common data format. One or more customer-specific security/compliance requirements associated with the enterprise are collected. Using microservices-based modular components, the customer-specific security/compliance requirements are then transformed into machine-readable representations having the common data format and that conform to the one or more compliance policies being enforced by the set of security and compliance controls. The one or more compliance policies including the one or more transformed security/compliance requirements are then activated to facilitate the security and regulatory compliance.
-
Publication No.: US20230177426A1
Publication date: 2023-06-08
Application No.: US17541864
Filing date: 2021-12-03
Applicant: International Business Machines Corporation
Inventor: Anca Sailer, Christopher John Butler, Arun Kumar, Malgorzata Steinder, James R. Doran, Philippe Mulet
CPC classification number: G06Q10/06313, G06F8/22, G06F8/60
Abstract: A compliance discovery and integration process is implemented in association with a cloud-based security and compliance platform and associated CI/CD framework. The process assumes an existing DevOps-based deployment of a product, such as an enterprise application that executes in a runtime production environment. The technique of this disclosure addresses the problem of misalignment between a compliance policy and the product’s post-deployment regulation posture by providing tools and methods that enable pro-active augmentation of governance and compliance policy during the pre-deployment phase and with respect to a next deployment of the product (e.g., a next or updated version). Thus, when the product is later deployed in its next deployment, its regulation posture (post-deployment) is already consistent with the compliance policy.
-
Publication No.: US11516094B2
Publication date: 2022-11-29
Application No.: US17110569
Filing date: 2020-12-03
Applicant: International Business Machines Corporation
Inventor: Aditya Dwivedi, Padmanabha Venkatagiri Seshadri, Arun Kumar, Amith Singhee, Kuntal Dey, Ashok Pon Kumar Sree Prakash
IPC: H04L41/5025, H04L41/5041, H04L41/5006, H04L67/61
Abstract: One embodiment provides a computer implemented method, including: receiving interaction logs of a plurality of services of an application running on a system; generating an interaction graph identifying interactions between at least the at least one of the plurality of services and other of the plurality of services, wherein the identifying comprises identifying a frequency of interactions between services; determining constraints between at least the at least one of the plurality of services and the other of the plurality of services, wherein the constraints identify services that are dependent upon other services of the plurality of services and a compatibility of services with respect to other services of the plurality of services; and creating a remediation plan for updating the at least one of the plurality of services, wherein the remediation plan identifies a time for updating the at least one of the plurality of services.
-
Publication No.: US20210357392A1
Publication date: 2021-11-18
Application No.: US15930273
Filing date: 2020-05-12
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventor: Muhammed Fatih Bulut, Arun Kumar, Kuntal Dey, Constantin Mircea Adam, Milton H. Hernandez
IPC: G06F16/242, G06F40/30, G06F40/284, G06F16/28, G06F16/23, G06N20/00
Abstract: Computer implemented reconstruction of compliance mapping due to an update in a regulation in the compliance mapping by a computing device includes comparing a first version of a regulation in the compliance mapping to a second, updated version of the first regulation. A change in the second version with respect to the first version is identified. The change may be an added control description, a deleted control description, or an updated control description. Upon determining that the change is an updated control description, the updated control description is analyzed to determine a type of update. The mapping of the regulation is reconstructed based on the change and, if the change is an updated control description, the type of update, using at least one of natural language processing and/or machine learning. The risk of the reconstructed mapping is assessed, and a service owner is notified about the risk of the changes.
-
Publication No.: US10540638B2
Publication date: 2020-01-21
Application No.: US15603924
Filing date: 2017-05-24
Applicant: International Business Machines Corporation
Inventor: Arvind Agarwal, Arun Kumar, Srikanth G. Tamilselvam
Abstract: Methods, systems, and computer program products for transferring context with delegation are provided herein. A computer-implemented method includes detecting an anticipated unavailability of a first individual for a given future event, based on inputs generated by the first individual and databases of stored calendar information pertaining to the first individual and the given future event; identifying tasks, related to the given future event, requiring a delegation as a result of the anticipated unavailability of the first individual, wherein identifying is based on data related to the given future event; determining additional individuals to whom the tasks can be delegated, based on qualifications of the additional individuals and one or more constraints; generating a summary of the delegation comprising a description of the tasks and information pertaining to the given future event; and outputting the summary to at least one of the additional individuals.