主权项 |
1. A method of detecting improper access of business information in a computer environment, the business information including customer and prospect information and records that correspond to a particular partner, the method comprising:
generating a rule for monitoring audit log data representing at least one of transactions or activities that are executed in the computer environment, which are associated with the business information, the rule comprising at least one criterion related to at least one of accesses in excess of a specific volume, accesses during a pre-determined time interval, or accesses by a specific user, that is indicative of improper access of the business information by an authorized user wherein the improper access is an indication of potential theft of the business information, the authorized user having a pre-defined role comprising authorized computer access to the business information; applying the rule to the audit log data to determine if an event has occurred, the event occurring if the at least one criterion has been met; storing, in a memory, a hit if the event has occurred; and providing notification if the event has occurred. |