SECURITY MANAGEMENT SYSTEM

摘要

The invention relates to a system for providing an automated security management framework for an enterprise based on the enterprise's operations, infrastructure, and user-based processes, as well as industry-specific rules and regulations associated with the enterprise. The system is configured to generate recommendations or instructions based on correlation of enterprise's operations, infrastructure, and user-based processes with industry-specific rules and regulations. The recommendations or instructions are then provided to a user associated with the enterprise so as to facilitate actions to be taken to address a potential security threat.

主权项

1. A system for providing a tailored security management framework for a business entity based on the business entity's operations, infrastructure, and user-based processes, as well as industry-specific rules and regulations associated with the business entity, the system comprising:
a network-based computing system configured to communicate and exchange data with one or more network access computing devices via a communications network, the network-based computing system comprises:
a first memory for receiving and storing a first set of data associated with the business entity, the first set of data comprises information related to at least one of the business entity's operations, the business entity's infrastructure, the business entity's procedures and policies, and one or more users authorized to have access to the system and exchange data associated with the business entity;a second memory for receiving and storing a second set of data associated with an industry to which the business entity is related, the second set of data comprises industry-specific rules, regulations, and known security threats;a processor that correlates the first and second sets of data with one another and generates a plurality of security schemes for use in the security management framework to assess and address potential security threats; andan interface for receiving a request for access to data associated with the business entity;wherein the processor compares request data with the plurality of security schemes and identifies a corresponding security scheme based on the comparison, the processor outputs informational data associated with the identified security scheme to a user associated with the one or more network access computing devices to facilitate actions to be taken in response to the received request for access to the business entity data.