公开(公告)号：US20210075814A1

公开(公告)日：2021-03-11

申请号：US16563504

申请日：2019-09-06

Applicant: International Business Machines Corporation

Inventor： Muhammed Fatih Bulut ,  Milton H. Hernandez ,  Jinho Hwang ,  Constantin Mircea Adam ,  Daniel S. Riley

IPC: H04L29/06 ,  G06N20/00

Abstract: Systems, computer-implemented methods, and computer program products that can facilitate compliance process risk assessment are provided. According to an embodiment, a system can comprise a memory that stores computer executable components and a processor that executes the computer executable components stored in the memory. The computer executable components can comprise a metric assignment component that assigns one or more risk assessment metrics based on vulnerability data of a compliance process. The computer executable components can further comprise a risk assignment component that assigns a risk score of the compliance process based on the one or more risk assessment metrics.

公开(公告)号：US11522819B2

公开(公告)日：2022-12-06

申请号：US16679440

申请日：2019-11-11

Applicant: International Business Machines Corporation

Inventor： Constantin Mircea Adam ,  Muhammed Fatih Bulut ,  Richard Baxter Hull ,  Anup Kalia ,  Maja Vukovic ,  Jin Xiao

IPC: G06F40/30 ,  H04L51/046 ,  G06N5/02 ,  G06Q10/10 ,  G06F16/332 ,  H04L51/56

Abstract: Techniques facilitating maintenance of tribal knowledge for accelerated compliance control deployment are provided. In one example, a system includes a memory that stores computer executable components and a processor that executes computer executable components stored in the memory, wherein the computer executable components include a knowledge base generation component that generates a knowledge graph corresponding to respective commitments created via tribal exchanges, the knowledge graph comprising a semantic level and an operational level; a semantic graph population component that populates the semantic level of the knowledge graph based on identified parties to the respective commitments; and an operational graph population component that populates the operational level of the knowledge graph based on tracked status changes associated with the respective commitments.

公开(公告)号：US11411979B2

公开(公告)日：2022-08-09

申请号：US16563504

申请日：2019-09-06

Applicant: International Business Machines Corporation

Inventor： Muhammed Fatih Bulut ,  Milton H. Hernandez ,  Jinho Hwang ,  Constantin Mircea Adam ,  Daniel S. Riley

IPC: H04L29/00 ,  H04L9/40 ,  G06N20/00

Abstract: Systems, computer-implemented methods, and computer program products that can facilitate compliance process risk assessment are provided. According to an embodiment, a system can comprise a memory that stores computer executable components and a processor that executes the computer executable components stored in the memory. The computer executable components can comprise a metric assignment component that assigns one or more risk assessment metrics based on vulnerability data of a compliance process. The computer executable components can further comprise a risk assignment component that assigns a risk score of the compliance process based on the one or more risk assessment metrics.

公开(公告)号：US20220131887A1

公开(公告)日：2022-04-28

申请号：US17078455

申请日：2020-10-23

Applicant: International Business Machines Corporation

Inventor： Lilian Mathias Ngweta ,  Steven Ocepek ,  Constantin Mircea Adam ,  Sai Zeng ,  Muhammed Fatih Bulut ,  Milton H. Hernandez

IPC: H04L29/06 ,  G06N20/00

Abstract: Systems, computer-implemented methods, and computer program products that facilitate vulnerability and attack technique association are provided. According to an embodiment, a system can comprise a memory that stores computer executable components and a processor that executes the computer executable components stored in the memory. The computer executable components can comprise a map component that defines mappings between vulnerability data representing a vulnerability of a computing resource and attack data representing at least one attack technique. The computer executable components can further comprise an estimation component that analyzes the mappings to estimate a probability that the vulnerability will be exploited to attack the computing resource.

公开(公告)号：US20210357392A1

公开(公告)日：2021-11-18

申请号：US15930273

申请日：2020-05-12

Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION

Inventor： Muhammed Fatih Bulut ,  Arun Kumar ,  Kuntal Dey ,  Constantin Mircea Adam ,  Milton H. Hernandez

IPC: G06F16/242 ,  G06F40/30 ,  G06F40/284 ,  G06F16/28 ,  G06F16/23 ,  G06N20/00

Abstract: Computer implemented reconstruction of compliance mapping due to an update in a regulation in the compliance mapping by a computing device includes comparing a first version of a regulation in the compliance mapping to a second, updated version of the first regulation. A change in the second version with respect to the first version is identified. The change may be an added control description, a deleted control description, or an updated control description. Upon determining that the change is an updated control description, the updated control description is analyzed to determine a type of update. The mapping of the regulation is reconstructed based on the change and, if the change is an updated control description, the type of update, using at least one of natural language processing and/or machine learning. The risk of the reconstructed mapping is assessed, and a service owner is notified about the risk of the changes.

公开(公告)号：US10789368B2

公开(公告)日：2020-09-29

申请号：US15842534

申请日：2017-12-14

Applicant: International Business Machines Corporation

Inventor： Constantin Mircea Adam ,  Nikolaos Anerousis ,  Jinho Hwang ,  Shripad Nadgowda ,  Maja Vukovic

IPC: G06F21/53 ,  G06F21/57 ,  G06F21/56 ,  G06F21/71 ,  G06F21/54

Abstract: Systems, computer-implemented methods and/or computer program products that facilitate compliance-aware runtime generation of containers are provided. In one embodiment, a computer-implemented method comprises: identifying, by a system operatively coupled to a processor, information used by a target application to containerize; determining whether one or more risk violations exist for the information within one or more defined thresholds; determining whether a compliance or a security violation exists in the information, wherein the determining whether the compliance or security violation exists is performed based on a determination by the risk assessment component that one or more risk violations do not exist; and generating a new container of components corresponding to defined components of the target application that allow the target application to execute without an underlying operating system, wherein the generating is based on a determination that no compliance or security violation exists in the information.

公开(公告)号：US20190075081A1

公开(公告)日：2019-03-07

申请号：US15694355

申请日：2017-09-01

Applicant: International Business Machines Corporation

Inventor： Constantin Mircea Adam ,  Richard Jay Cohen ,  Robert Filepp ,  Milton H. Hernandez ,  Brian Peterson ,  Maja Vukovic ,  Sai Zeng ,  Guan Qun Zhang ,  Bhavna Agrawal

IPC: H04L29/06

Abstract: Users of an endpoint remediation system can be assigned to different roles, from which they can request exceptions, approve exceptions, and/or enable remediation on endpoint devices. The compliance scanning and enforcing process can be automated, while allowing entities to request and/or approve certain exceptions. Therefore, security compliance for customers can be actively managed to provide visibility to the endpoint device compliance state at any time.

公开(公告)号：US20240114046A1

公开(公告)日：2024-04-04

申请号：US17937854

申请日：2022-10-04

Applicant: International Business Machines Corporation

Inventor： Constantin Mircea Adam ,  Muhammed Fatih Bulut ,  Steven Ocepek

IPC: H04L9/40

CPC classification number: H04L63/1433

Abstract: One or more systems, devices, computer program products and/or computer-implemented methods provided herein relate to prioritization of attack techniques and cyber security events. According to an embodiment, an attack prioritization engine can receive security events, train an artificial intelligence model to rank respective cyber security events as a function of risk, and output a prioritization of security events to address. A mapping component can map asset vulnerabilities to attack techniques. A calculation component can calculate and aggregate scores for respective attack techniques. An attack surface component can extract features from the aggregation of scores to rank attack techniques and determine an attack surface. The mapping component can further map security events to the attack techniques.

公开(公告)号：US11924239B2

公开(公告)日：2024-03-05

申请号：US17078455

申请日：2020-10-23

Applicant: International Business Machines Corporation

Inventor： Lilian Mathias Ngweta ,  Steven Ocepek ,  Constantin Mircea Adam ,  Sai Zeng ,  Muhammed Fatih Bulut ,  Milton H. Hernandez

IPC: H04L9/40 ,  G06N20/00

CPC classification number: H04L63/1433 ,  G06N20/00 ,  H04L63/10 ,  H04L63/1408 ,  H04L63/1466

Abstract: Systems, computer-implemented methods, and computer program products that facilitate vulnerability and attack technique association are provided. According to an embodiment, a system can comprise a memory that stores computer executable components and a processor that executes the computer executable components stored in the memory. The computer executable components can comprise a map component that defines mappings between vulnerability data representing a vulnerability of a computing resource and attack data representing at least one attack technique. The computer executable components can further comprise an estimation component that analyzes the mappings to estimate a probability that the vulnerability will be exploited to attack the computing resource.

公开(公告)号：US20210279326A1

公开(公告)日：2021-09-09

申请号：US16808590

申请日：2020-03-04

Applicant: International Business Machines Corporation

Inventor： Constantin Mircea Adam ,  Richard Jay Cohen ,  Jeffrey Edward Lammers ,  Cheng Yi Lee ,  Brian Peterson ,  Maja Vukovic ,  Xiongfei Wei

IPC: G06F21/51 ,  H04L9/32 ,  H04L9/30

Abstract: Using a first key, an encrypted file fingerprint is decrypted, the decrypting resulting in a decrypted file fingerprint. Using a hash function on a script file, a script file fingerprint is computed, the script file intended to be executed by an interpreter. Responsive to the script file fingerprint matching the decrypted file fingerprint, the script file is executed.