A SECURITY SYSTEM
Technical Field
The present invention relates to a system which enables coordinated communication between the units responsible for information security within an organization and the different workers in that organization, and which ensures that officials in the senior management unit of the organization can instantly monitor information security violations in the organization.
Background of the Invention
Today, institutions and companies have to protect a variety of data generated in their own units. Various security systems such as DLP (data loss prevention) and SIEM (security information and event management), which prevent leakage of intra-company (in-house) data to external environments and/or systems, are used by the said institutions. The said security systems and/or software cannot detect data theft or data sabotage on the said data by means of alarms created in accordance with certain rules by analyzing the data generated in the institution. To determine whether the alarms that occur are beyond the scope of business requirements, the said alarms should be evaluated by units other than the security teams. However, when data security evaluations are carried out throughout the company by a single employee or team, the effectiveness of security controls in the organization is reduced because important parameters cannot be evaluated. Besides, parameters such as the evaluation of requirements arising from business processes, the evaluation of the cyber security status by the management, the delaying of controls due to the large number of notifications examined, employee loyalty in the company, suspicious activities of an employee and the criticality of transferred data should be evaluated on the security system in an institution.
Yet, in the state of the art, there is no solution which displays the security notifications sent over existing security services to company employees on a role-based basis; enriches the data received from human resources and active directory while the security notifications are displayed to the company employees; processes the collected data and then prioritizes the said data according to the risk calculation; and enables the company employees to view the intra-company security notifications based on the active directory groups of which they are members and the authorizations assigned to the said groups.
Due to the above-mentioned reasons, there is a need for a security system which displays the security notifications sent over existing security services to company employees on a role-based basis; enriches the data received from human resources and active directory while the security notifications are displayed to the company employees; processes the collected data and then prioritizes the said data according to the risk calculation; and enables the company employees to view the intra-company security notifications based on the active directory groups of which they are members and the authorizations assigned to the said groups, without the company employees routing the data traffic through themselves and then controlling it, without preventing data transfers in the company, and without using monitoring agents and application program interfaces.
The United States patent document no. US10148694B1, an application in the state of the art, discloses a system for data loss prevention (DLP) by monitoring the file system activity of an application having a network connection. In the said system, a DLP agent tracks the file system activity (e.g., opening and reading files) initiated by an application. The DLP agent intercepts the file system activity and evaluates a file specified by the file system operation to determine whether the file includes sensitive data or not. If such data is detected, the DLP agent prevents transmission of sensitive data by blocking the file system activity or removing the sensitive data from the file.
Summary of the Invention
The objective of the present invention is to realize a security system which displays the security notifications sent over existing security services to company employees on a role-based basis; enriches the data received from human resources and active directory while the security notifications are displayed to the company employees; processes the collected data and then prioritizes the said data according to the risk calculation; and enables the company employees to view the intra-company security notifications based on the active directory groups of which they are members and the authorizations assigned to the said groups, without the company employees routing the data traffic through themselves and then controlling it, without preventing data transfers in the company, and without using monitoring agents and application program interfaces.
Detailed Description of the Invention
“A Security System” realized to fulfil the objective of the present invention is shown in the figure attached, in which:
Figure 1 is a schematic view of the inventive security system.
The components illustrated in the figure are individually numbered, where the numbers refer to the following:
1. System
2. Electronic device
3. An intuitive security application
4. Database
5. Server
F. Firm
ES. External service
SS. Security service
The inventive security system (1), which enables coordinated communication between the units responsible for information security within an organization and the different workers in that organization, and which ensures that officials in the senior management unit of the organization can instantly monitor information security violations in the organization, comprises:
- at least one electronic device (2) which is configured to enable firm employees, security teams and officials to communicate with other persons;
- at least one intuitive security application (3) which is run on the electronic device (2) and configured to enable the security teams in the firm (F) to enter data into the interface included on the intuitive security application and/or to view the stored data;
- at least one database (4) which connects with an intuitive security application (3) and is configured to store the data entered over an intuitive security application (3) and/or used by the external service, and the rule sets related to the actions to be taken according to the data; and
- at least one server (5) which connects with an intuitive security application (3), the database (4), the external services (ES) and the security services (SS) in the firm (F) and is configured to access the data transmitted from the external services (ES) and the security services (SS); to monitor the transfers of data that are considered critical within the firm (F) by evaluating the accessed data with the rule set in the database (4); and to inform the security teams in the firm (F) by determining whether the alarms occurring in the security service (SS) are within the scope of business needs or not.
The electronic device (2) included in the inventive system (1) is a smart device such as a mobile phone, tablet or computer configured to enable employees, managers, internal audit and compliance teams, cyber security teams, members of information security committees and risk committees, department managers, and help desk teams of information technologies within the firm (F) to communicate with other persons.
An intuitive security application (3) included in the inventive system (1) is configured to enable all employees using the electronic device (2) to access data in accordance with their roles and responsibilities in the service of information security management in the said firm (F), by connecting with external services (ES) such as human resources in the firm (F) and remote access, and security services (SS) such as prevention of data loss, security management and event management. An intuitive security application (3) is configured to ensure that the notifications and outputs of information security processes produced by the cyber security and information security teams, audit and compliance teams, information technologies teams in the external services (ES) and security services (SS) included in the firm (F) are understandable by different business units within the firm (F). An intuitive security application (3) is configured to ensure that screens customized for different roles such as managers, internal audit and compliance teams, cyber security teams, members of information security committees and risk committees, department managers, help desk teams of information technologies in the firm (F) are displayed on the electronic device (2), by running on the electronic device (2). An intuitive security application (3) is configured to enable the said managers to create security groups according to different departments and units in the firm (F) within the active directory by running on the electronic devices (2) of the managers in the firm (F), and to ensure that different role-based authorization assignments are made to security groups according to the department they are associated with. An intuitive security application (3) is configured to transmit the role-based authorization information related to the security groups on itself in the active directory, to the database (4). 
An intuitive security application (3) is configured to connect with external services (ES) in the firm (F) such as human resources and remote access via web service protocols. An intuitive security application (3) is configured to connect with security systems (S) in the firm (F) such as DLP, DAM, FAM and SIEM via JDBC and Syslog protocols. Also, an intuitive security application (3) is configured to enable an authorized user in the firm (F) to create information security measurement criteria and key performance indicators with the interface included on itself.
The database (4) included in the inventive system (1) is configured to store information security measurement criteria and key performance indicators created on an intuitive security application (3), in the library on itself by connecting with an intuitive security application (3).
The server (5) included in the inventive system (1) is configured to access the data transmitted from external services (ES) and security services (SS), and to evaluate the accessed data based on security parameters such as measurement scores of information security effectiveness, violation events of information security, outputs of risk analysis, critical security vulnerabilities detected, and audit findings. The server (5) is configured to detect information such as requirements arising from business processes, cyber security condition in the firm (F), company loyalty of the employee in the firm (F), suspicious activities of the employee of the firm (F) and the criticality of the data transferred to the firm (F) and/or from the firm (F), by evaluating the data accessed from external services (ES) and security services (SS) according to security parameters. The server (5) is configured to create security units by enriching information such as requirements arising from business processes, cyber security status in the firm (F), company loyalty of the employee in the firm (F), suspicious activities of the employee of the firm (F) and the criticality of the data transferred to the firm (F) and/or from the firm (F) with the data in human resources and active directory in the firm (F) and to enable the firm (F) authorities running the application (3) to display security notifications on the interface of an application (3) according to the roles and authorizations assigned to the security group in the active directory, by transmitting security notifications to an intuitive security application (3).
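A minimal sketch of the server (5) flow described above, added here as an illustration and not taken from the patent: alarms are enriched with human resources data, scored, and shown only to viewers whose active directory groups are authorized. All names, sample records, score weights and the `notice_period` HR field are assumptions; the patent does not specify the risk calculation.

```python
# Constructed sample data; every name, field and weight here is an assumption.
HR = {"alice": {"dept": "finance", "notice_period": True},
      "bob": {"dept": "engineering", "notice_period": False}}
AD_GROUPS = {"carol": ["sec-team"], "dave": ["finance-managers"],
             "erin": ["helpdesk"]}
# Role-based authorization assigned to each active directory security group.
GROUP_AUTH = {"sec-team": {"depts": {"*"}, "min_risk": 0},
              "finance-managers": {"depts": {"finance"}, "min_risk": 0},
              "helpdesk": {"depts": {"*"}, "min_risk": 80}}
ALERTS = [  # alarms as they might arrive from DLP/SIEM security services
    {"id": 1, "source": "DLP", "user": "alice", "criticality": 3, "justified": False},
    {"id": 2, "source": "SIEM", "user": "bob", "criticality": 1, "justified": True},
    {"id": 3, "source": "DLP", "user": "bob", "criticality": 3, "justified": False},
]

def enrich(alert):
    """Merge the HR record of the alarm's subject into the alarm."""
    hr = HR.get(alert["user"], {"dept": "unknown", "notice_period": False})
    return {**alert, **hr}

def risk(alert):
    """Illustrative 0-100 score; the weights are not from the patent."""
    score = 20 * alert["criticality"]             # criticality of the data
    score += 30 if alert["notice_period"] else 0  # HR enrichment signal
    score += 0 if alert["justified"] else 10      # outside business need
    return min(score, 100)

def visible(alert, groups):
    """True if any of the viewer's groups is authorized for this alarm."""
    for group in groups:
        auth = GROUP_AUTH.get(group)
        if auth and alert["risk"] >= auth["min_risk"] and (
                "*" in auth["depts"] or alert["dept"] in auth["depts"]):
            return True
    return False  # fail closed: unknown group or no match shows nothing

def view_for(viewer):
    """Notifications a viewer may see, highest risk first."""
    groups = AD_GROUPS.get(viewer, [])
    scored = [dict(a, risk=risk(a)) for a in map(enrich, ALERTS)]
    allowed = [a for a in scored if visible(a, groups)]
    return sorted(allowed, key=lambda a: a["risk"], reverse=True)

if __name__ == "__main__":
    for viewer in ("carol", "dave", "erin", "mallory"):
        print(viewer, [(a["id"], a["risk"]) for a in view_for(viewer)])
```

A viewer who belongs to no known group, or only to groups without an authorization entry, receives an empty view.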
Industrial Application of the Invention
In the inventive system (1), employees working in the firm (F) can view the security notifications produced on the server (5) by running an intuitive security application (3) on their electronic devices (2). An intuitive security application (3) included in the system (1) connects with various external services (ES) and security services (SS) in the firm (F). An intuitive security application (3) enables the said managers to create security groups according to different departments and units in the firm (F) within the active directory by running on the electronic devices (2) of the managers in the firm (F), and to perform different role-based authorization assignments to security groups according to the department they are associated with. Thus, the security notifications transmitted from the server (5) are displayed in a different way by different departments in the firm (F) by means of an intuitive application (3). However, the managers in the firm (F) can instantly monitor the activity of information security through an intuitive security application (3) in the system (1). The server (5) creates a security notification by detecting audit findings such as measurement scores of information security effectiveness, information security violation events, outputs of risk analysis and critical security vulnerabilities detected on the accessed data, by connecting with various external services (ES) and security services (SS) in firm (F). Security notifications are transmitted to an intuitive security application (3) via the server (5).
With the inventive system (1), it is ensured that the security notifications sent over existing security services are displayed to company employees on a role-based basis; the data received from human resources and active directory are enriched while the security notifications are displayed to the company employees; the collected data are processed and then prioritized according to the risk calculation; and the company employees are enabled to view the intra-company security notifications based on the active directory groups of which they are members and the authorizations assigned to the said groups.
It is possible to develop various embodiments of the inventive security system (1); the invention cannot be limited to the examples disclosed herein and is essentially as set out in the claims.