Title of invention: Method and apparatus for associating data loss protection (DLP) policies with endpoints
Abstract: A method of policy management in a Data Loss Prevention (DLP) system uses a policy model that associates a user with one or more DLP endpoints. When an endpoint is added to the system, a set of policies for that endpoint are determined using an identity of the user that is associated with the endpoint and a list of roles or groups for that user. At policy distribution time, the method determines a set of endpoints to which the policy is to be distributed.
Publication number: US9311495(B2) Publication date: 2016.04.12
Application number: US201012963967 Filing date: 2010.12.09
Applicant: International Business Machines Corporation Inventors: Readshaw Neil Ian; Ramanathan Jayashree; Bray Gavin George
Classification: G06F21/60; G06F21/55; G06F21/62 Main classification: G06F21/60
Agency: Agent: Petrokaitis Joseph; Judson David H.
Main claim: 1. A method of policy management in a data loss prevention (DLP) system, comprising: defining a policy model that associates a user with one or more endpoints, the user being associated with at least one role or group; determining a set of policies for an endpoint in the DLP system using an identity of the user that is associated with the endpoint and a list of roles or groups for the user, wherein the set of policies for the endpoint reference each role or group to which the user is associated; and determining a set of endpoints to which a policy is to be distributed by: identifying the user owning the endpoint; retrieving a list of roles or groups for that user; and defining the set of policies as the policies that reference each role or group to which the user is associated; wherein at least one of the determining steps is performed using a computer program executing in a hardware element.
Address: Armonk NY US