TITLE OF THE INVENTION
Method and system for securing information assets and risk managing
FIELD OF THE INVENTION
[0001] The present invention relates to data collecting and processing. More specifically, the present invention is concerned with a method and a system for securing information assets and risk managing.
BACKGROUND OF THE INVENTION
[0002] In organizational structures or applications, an increasing amount of data is collected, stored and processed, usually in an electronic way. Such data may include personal data as well as technical data, and may be used for decision taking and risk managing in the framework of the given organization or application.
[0003] Existing information technology security methods and systems are either obsolete or especially developed for fields related to production. Since they are designed typically in relation to closed type systems provided with a well-defined organizational structure, they are usually based on linear methods and only allow a rough qualitative evaluation.
[0004] There is an increasing concern in relation to the integrity, confidentiality, availability, accuracy and permanence of data, especially of electronic data, in the field of specialized services, which are usually part of open, non-structured systems.
[0005] Therefore, there is a need for a method and a system allowing securing information assets and risk managing in a reliable and effective way.
SUMMARY OF THE INVENTION
[0006] There is provided a method for managing information data assets, comprising the steps of collecting data from at least one data provider in relation to at least one factor; analyzing a consistency of the data collected in relation to each data provider; and assessing a resulting impact of the at least one factor; whereby the resulting impact represents a combined impact of the at least one factor.
[0007] There is provided a system for securing information data of at least one of organizations and applications, comprising means for collecting data in relation to at least one factor; means for analyzing a consistency of the data collected in relation to each data provider; and means for assessing a resulting impact of the at least one factor; wherein the means for assessing a resulting impact yield a combined impact of the at least one factor in the at least one of organizations and applications.
[0008] Other objects, advantages and features of the present invention will become more apparent upon reading of the following non-restrictive description of embodiments thereof, given by way of example only with reference to the accompanying drawings.
BRIEF DESCRIPTION OF THE DRAWINGS
[0009] In the appended drawings:
[0010] Figure 1 is an example of an organization layout in a hospital institution.
[0011] Figure 2 is a flowchart of a method according to an aspect of the present invention;
[0012] Figure 3 is a matrix calculus assessment of impact according to an embodiment of the method of the present invention;
[0013] Figure 4 is a result matrix [T] of Figure 3;
[0014] Figure 5 is a (q x n) matrix [ML] of linear factors of the matrix calculus assessment of Figure 3;
[0015] Figure 6 is a temporary matrix used in Figure 4;
[0016] Figure 7 is a temporary matrix used in Figure 4; and
[0017] Figure 8 is a resulting matrix of the impact.
DESCRIPTION OF EMBODIMENTS OF THE INVENTION
[0018] Generally stated, there is provided a method and a system for increasing information technology security in terms of accuracy and interpretation of data.
[0019] In particular, the method and system of the present invention take into account non-standard, usually non-linear, contribution of factors to a resulting impact in an organization or an application.
[0020] Data herein may refer to intelligence data, related for example to management procedural, environmental or development operations of organizations.
[0021] The method and system of the present invention may be applied for the security of such information assets in an open, unformatted type of organization, such as medical and hospital organizations for example, which may comprise a number of organization layers as illustrated in Figure 1. They may be applied in relation to a variety of organizations and applications, for example for operating and comparing legislations in a number of countries with regard to a given field, or for operating and comparing standards or other types of evaluation means with regard to a specific activity, etc.
[0022] As shown in Figure 2, the method of the present invention generally comprises collecting data in relation to a number of factors (step 10); analyzing the consistency of the data collected (step 20); and assessing a resulting impact of the number of factors (step 30).
[0023] As is well known in the art, the step of collecting data (10) may be based on a multi-level questionnaire, whereby an answer $r_i$ is obtained for a factor or parameter $i$. Interestingly however, due to the data processing approach used in the following steps described hereinbelow, the method of the present invention only requires a limited number of entries, typically questions for example, in the questionnaire used to collect the data.
[0024] Moreover, the questionnaire may be designed according to a target population of data providers, whereby for example the computer staff of the organization under survey is not asked the same questions as its human resources staff, since, due to their very activities in the organization, these two groups are not involved in the same manner with the flow of data, or are not even involved with the same part of the data flow to begin with.
[0025] Furthermore, the questionnaire may also be designed according to a size of the organization or application whose information assets are being under investigation.
[0026] Therefore, the questionnaire used in the data collecting step is tailored to the specific needs of a given organization or application, in terms of number of entries, content of entries and target surveyed population for example, in order to allow a collection of meaningful data which may be relied upon to yield an adequate diagnosis of the status of the information assets under study.
[0027] The step of analysis of the consistency of the collected data (step 20) takes into account a capacity of each data provider, i.e. each person answering the questionnaire in the data collecting step 10 for instance, to provide data that are assessed both in terms of consistency and accuracy, in order to yield a relative weight to each data thus collected.
[0028] Obviously, simple logical criteria may be applied to assess the consistency of the collected data, for example in the example given hereinbelow where the data are collected by means of a questionnaire comprising 5 levels (questions), each of them to be answered either by "yes" or by "no":
5) There is a delay of more than 1 week between each change of access code.
4) There is a delay of more than 1 month between each change of access code.
3) There is a delay of more than 3 months between each change of access code.
2) There is a delay of more than 4 months between each change of access code.
1) There is a delay of more than 1 year between each change of access code.
[0029] Clearly, a "yes" answer to question 1 is not consistent with a "no" answer to questions 2 to 5, just as a "yes" answer to questions 1, 3 and 5 is not consistent with a "no" answer to questions 2 and 4. In this example, it is possible to draw a chart of all the possible consistent sets of answers as shown in Table I as follows:
All these sets of answers are characterized by a consistency rating of 100%. A consistency rating inferior to 100% in this example would mean that the data provider, i.e. the person answering the questionnaire, does not understand the questions or does not take the time to thoroughly read them. However, such a consistency of 100% does not necessarily mean accuracy of the data provided, since the data provider may be consistent in his responses while at the same time lacking a desired expertise or knowledge.
[0030] In the case of inconsistency, the following relation may be used:
Consistency $= 1 - \dfrac{\mathrm{no}_{\max} - \mathrm{yes}_{\min}}{\text{number of levels} - 1}$ (1)
where $\mathrm{no}_{\max}$ corresponds to the highest level of question answered with a "no" answer, and $\mathrm{yes}_{\min}$ corresponds to the lowest level of question answered with a "yes" answer.
[0031] When the responses are consistent, the consistency is taken as 100%. In the exemplary case given above, the results shown in Table II hereinbelow may thus be obtained:
A consistency result of 100% means consistency of the data. Such a technique is straightforward but of limited representativeness.
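The following is an added example, not part of the patent text, showing relation (1) applied to the five-level access-code questionnaire of paragraph [0028] and enumerating the answer patterns that Table I would list. Level numbering (5 for "more than 1 week" down to 1 for "more than 1 year") follows the questionnaire; the treatment of an all-"no" or all-"yes" pattern as 100% consistent is an assumption made here.

```python
# Added example (not part of the patent text): relation (1) applied to the
# five-level access-code questionnaire of paragraph [0028].
# Levels run from 5 (>1 week) down to 1 (>1 year); a "yes" at level k
# logically implies "yes" at every higher-numbered level, because a delay of
# more than a year is also more than four months, three months, and so on.

from itertools import product

LEVELS = 5  # number of questions (levels) in the questionnaire


def consistency(answers):
    """answers: dict {level: True ("yes") / False ("no")} for levels 1..LEVELS.

    Returns the consistency rating of relation (1) as a float in [0, 1]:
        1 - (no_max - yes_min) / (number of levels - 1)
    where no_max is the highest level answered "no" and yes_min the lowest
    level answered "yes". When every "no" sits below every "yes" the pattern
    is consistent and rated 1.0 (100%), as paragraph [0031] prescribes.
    """
    no_levels = [lvl for lvl, yes in answers.items() if not yes]
    yes_levels = [lvl for lvl, yes in answers.items() if yes]
    if not no_levels or not yes_levels:
        return 1.0            # all "yes" or all "no": assumed consistent
    no_max, yes_min = max(no_levels), min(yes_levels)
    if no_max < yes_min:
        return 1.0            # no "no" above any "yes": consistent
    return 1.0 - (no_max - yes_min) / (LEVELS - 1)


def consistent_answer_sets():
    """Enumerate every answer pattern rated 100% (the content of Table I).

    Each pattern is returned as the tuple of levels answered "yes"; for five
    levels there are six: (), (5,), (4,5), (3,4,5), (2,3,4,5), (1,2,3,4,5).
    """
    patterns = []
    for bits in product([False, True], repeat=LEVELS):
        answers = {lvl: bits[lvl - 1] for lvl in range(1, LEVELS + 1)}
        if consistency(answers) == 1.0:
            patterns.append(tuple(lvl for lvl in range(1, LEVELS + 1) if answers[lvl]))
    return sorted(patterns, key=len)


if __name__ == "__main__":
    # "yes" to 1, 3 and 5 but "no" to 2 and 4: the inconsistent case of [0029]
    mixed = {1: True, 2: False, 3: True, 4: False, 5: True}
    print(f"mixed pattern: {consistency(mixed):.0%}")   # no_max=4, yes_min=1 -> 25%
    for pattern in consistent_answer_sets():
        print("consistent:", pattern or "(all no)")
```

Running the script prints the 25% rating for the mixed pattern of paragraph [0029] and the six consistent patterns; a rating of 0% results when "yes" is given only to question 1 and "no" to questions 2 to 5.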
[0032] A more sophisticated consistency measurement technique may involve correlation computation and drawing evaluation profiles related to each data by relations 2-7 below, where cov is the covariance of $x$ and $y$, $\sigma_x$ and $\sigma_y$ are the standard deviations of $x$ and $y$ respectively, and $u_x$ and $u_y$ are the averages of $x$ and $y$ respectively. Here $x$ refers to a reference with a fixed value, such as $x(1,2,3,4,5) = \{1,2,3,4,5\}$, and $y(1,2,3,4,5) = \{1,2,3,4,5\}$ corresponds to consistency in the data collected, giving a correlation equal to 1 or 100%.
Correlation $= \dfrac{\mathrm{cov}(x, y)}{\sigma_x \sigma_y}$ (2)
where $\mathrm{cov}(x, y) = \dfrac{1}{n} \sum_{i} (x_i - u_x)(y_i - u_y)$ (3)
(4)
[0033] For example, given the pattern of response to the questionnaire already used as an example hereinabove, shown in Table III below, a fair hypothesis would be that data 2 and 3 have been mixed up and that an adequate value for $y$ in the correlation is $y = \{1,3,2,4,5\}$. Therefore, in that case, the correlation with the reference $x = \{1,2,3,4,5\}$ is 90%. A more severe rating may be selected by using the factor at a power of 2 instead of 1, which in this example would have yielded a correlation of 81%.
[0034] From the above example, it is obvious that different levels of severity in the correlation assessment may be selected, resulting in correlation ratings that are more or less high, depending on predetermined criteria, including for example a degree of specific expertise and knowledge of the person answering the questionnaire.
[0035] The following Table IV presents two sets of distribution for the yi's according to the patterns of answers to the questionnaire obtained. In Table IV, "0" refers to a "no" answer, while "1" refers to a "yes" answer. Clearly, the first distribution (type 1) involves reduced impacts of inconsistencies, while the second one (type 2) yields a quicker reduction of the correlation.
[0036] It appears that such a correlation computation allows more adequately assessing the consistency of data according to a background and expertise of the data provider. Interestingly, it only implies simple computations and is easily implemented with known computation software such as, for example, Excel™, or by using tables.
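The following is an added example, not part of the patent text, carrying out the correlation measurement of relations (2) and (3) on the reference $x = \{1,2,3,4,5\}$ and the mixed-up ordering $y = \{1,3,2,4,5\}$ of paragraph [0033], including the "more severe" rating obtained with a power of 2. Population (divide-by-$n$) standard deviations and the clamping of a negative correlation to zero are choices made here, not taken from the patent.

```python
# Added example (not part of the patent text): the correlation-based consistency
# measurement of relations (2)-(3) applied to the example of paragraph [0033].

import math


def mean(v):
    return sum(v) / len(v)


def covariance(x, y):
    """Relation (3): cov(x, y) = (1/n) * sum_i (x_i - u_x)(y_i - u_y)."""
    ux, uy = mean(x), mean(y)
    return sum((xi - ux) * (yi - uy) for xi, yi in zip(x, y)) / len(x)


def std_dev(v):
    """Population standard deviation (divide by n), the sigma of relation (2)."""
    u = mean(v)
    return math.sqrt(sum((vi - u) ** 2 for vi in v) / len(v))


def correlation(x, y, severity=1):
    """Relation (2): cov(x, y) / (sigma_x * sigma_y), raised to `severity`.

    severity=1 is the plain rating; severity=2 is the "more severe" rating of
    [0033]. A negative correlation (answers ordered against the reference) is
    clamped to 0 before raising to the power, so that squaring cannot turn an
    anti-aligned pattern into a high rating; this clamping is an assumption.
    """
    if len(x) != len(y):
        raise ValueError("reference and observation must have the same length")
    c = covariance(x, y) / (std_dev(x) * std_dev(y))
    return max(c, 0.0) ** severity


def rating(y, severity=1):
    """Consistency rating in percent against the fixed reference x = 1..n."""
    x = list(range(1, len(y) + 1))
    return round(100 * correlation(x, y, severity))


if __name__ == "__main__":
    observed = [1, 3, 2, 4, 5]          # data 2 and 3 mixed up, as in [0033]
    print(rating(observed))             # 90
    print(rating(observed, severity=2)) # 81
    print(rating([1, 2, 3, 4, 5]))      # 100
    print(rating([5, 4, 3, 2, 1]))      # 0 (fully reversed, clamped)
```

The computation reproduces the 90% and 81% figures of paragraph [0033]: with the reference and observation both having mean 3 and variance 2, the covariance is 1.8 and the correlation 0.9.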
[0037] For assessing the impacts (step 30), a standard linear computation method may be applied as is well known in the art, summing up each data corresponding to a factor $i$ multiplied by a weighting factor associated therewith, as follows:
$\text{Impact} = p_1 r_1 + p_2 r_2 + \dots + p_i r_i + \dots + p_n r_n$, $i = 1, \dots, n$ (8)
where $p_i$ refers to the weight of risk factor $i$ and $r_i$ refers to the answer to factor $i$.
[0038] However, in cases when two factors have a small impact taken separately but a major impact when occurring simultaneously, the above standard method is ineffective. Moreover, when this method includes adjusting the weights according to individual impact of each factor, the resulting impact is under-estimated; while when it includes adjusting the weights in relation to the combined impact, individual impacts are over-estimated.
[0039] According to the present invention, a more accurate impact assessment method in such a case when two factors have a small impact taken separately and a major impact when occurring simultaneously incorporates a non-linear element in the computation.
[0040] In a first method, each question of the questionnaire used in step 10 is identified as belonging to an entity referred to as a subject, and is given a weight associated with a susceptibility to be impacted, according to its content, in terms of minor susceptibility, major susceptibility and critical susceptibility. The different subjects relate to parameters or targets standardly defined by the organization, for which standard target thresholds are known. Answers to the different questions of the questionnaire are summed up by subject using the susceptibility weights. When the result for a given subject is lower than the standard target threshold thereof, this result is tagged with an asset or a handicap weight. Once the result is obtained for each subject, the subjects are compared and a dependence link matrix is drawn relating the subjects, taking into account these asset or handicap weights. Such a first approach yields a global assessment of the interdependency of the subjects as determined by the respective asset or handicap weight of each one in the framework of the organization under study and by the susceptibility weight of each question. Such an approach may be used for example in the field of securing information assets, maintenance, risk management, management planning, standards compliance, etc.
[0041] In a second method, a mathematical function that may be used for example is the so called rounded part function, which may be implemented in conventional spreadsheet calculators and sometimes referred to as "floor", "ceiling", "integer", "round" etc. For example, the "floor" function yields the smallest integer of a value. With such a tool, assessment of impact is then computed as follows:
$\text{Impact} = p_1 r_1 + p_2 r_2 + \dots + p_i r_i + \dots + p_n r_n + \operatorname{floor}\big((p_1 r_1 + p_2 r_2 + \dots + p_i r_i + \dots + p_n r_n)/n\big)$ (9)
[0042] In the present invention, a matrix calculus method is developed (see Figures 2-7), wherein impact is assessed by separating a standard (linear) part and a non-linear part thereof, as follows:
$[MI][MNL][ML][R] = [T]$ (10)
where [MI] is a (m x q) impact matrix comprising an identity matrix I (m x m) and a non-linear factors impact block (m x s), where q = m + s; [MNL] is a (q x q) matrix of non-linear factors; [ML] is a (q x n) matrix of linear factors (see Figure 4); [R] is a column matrix (n x 1) of the n answers; and [T] is a column matrix (m x 1) of results (Figure 2).
[0043] The column matrix [T] of results is computed as a product of the impact matrix [MI] by the temporary matrices [MT1, 2] (see Figures 3 and 5-6).
[0044] The method yields an assessment of impact as illustrated by the matrix in Figure 7.
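The following is an added example, not part of the patent text, running the three impact computations of step 30 on one constructed answer vector: the linear sum of relation (8) in paragraph [0037], the floor-augmented sum of relation (9) in paragraph [0041], and the matrix product of relation (10) in paragraphs [0042]-[0043] evaluated through the temporary columns [MT1] and [MT2]. Every weight and matrix entry below is a sample value chosen here; none of them reproduce the patent's figures, and the floor function used is `math.floor`, which returns the largest integer not exceeding its argument.

```python
# Added example (not part of the patent text): the impact computations of
# relations (8), (9) and (10) on constructed sample weights and matrices.

import math


def linear_impact(p, r):
    """Relation (8): Impact = p_1 r_1 + ... + p_n r_n."""
    if len(p) != len(r):
        raise ValueError("one weight per answer is required")
    return sum(pi * ri for pi, ri in zip(p, r))


def floor_impact(p, r):
    """Relation (9): relation (8) plus floor(linear sum / n).

    math.floor returns the largest integer not exceeding its argument, so the
    extra term only starts contributing once the linear sum reaches n.
    """
    s = linear_impact(p, r)
    return s + math.floor(s / len(p))


def matmul(a, b):
    """Row-by-column product of two matrices given as lists of rows."""
    if len(a[0]) != len(b):
        raise ValueError(f"cannot multiply {len(a)}x{len(a[0])} by {len(b)}x{len(b[0])}")
    return [[sum(a[i][k] * b[k][j] for k in range(len(b))) for j in range(len(b[0]))]
            for i in range(len(a))]


def identity(m):
    return [[1 if i == j else 0 for j in range(m)] for i in range(m)]


def matrix_impact(nl_impact, mnl, ml, r):
    """Relation (10): [MI][MNL][ML][R] = [T].

    nl_impact : (m x s) non-linear factors impact block; [MI] = [ I_m | nl_impact ]
    mnl       : (q x q) matrix of non-linear factors, q = m + s
    ml        : (q x n) matrix of linear factors
    r         : the n answers, turned into the (n x 1) column [R]
    Returns the (m x 1) result column [T] as a flat list, built through the
    temporary columns [MT1] = [ML][R] and [MT2] = [MNL][MT1] as in [0043].
    """
    m, s = len(nl_impact), len(nl_impact[0])
    q = m + s
    if len(mnl) != q or len(ml) != q:
        raise ValueError("[MNL] and [ML] must have q = m + s rows")
    mi = [identity(m)[i] + nl_impact[i] for i in range(m)]   # (m x q)
    col_r = [[ri] for ri in r]                                  # (n x 1)
    mt1 = matmul(ml, col_r)                                     # (q x 1)
    mt2 = matmul(mnl, mt1)                                      # (q x 1)
    t = matmul(mi, mt2)                                         # (m x 1)
    return [row[0] for row in t]


# Constructed sample: n = 4 answers (1 = "yes", 0 = "no"), m = 2 result rows
# (two subjects), s = 1 non-linear factor, hence q = 3.
P = [1, 1, 2, 1]                   # weights p_i for relations (8) and (9)
ML = [[1, 1, 0, 0],                # subject A draws on answers 1 and 2
      [0, 0, 2, 1],                # subject B draws on answers 3 and 4
      [1, 1, 0, 0]]                # non-linear factor fed by answers 1 and 2
MNL = [[1, 0, 0],                  # linear rows pass through unchanged
       [0, 1, 0],
       [0, 0, 3]]                  # non-linear factor amplified threefold
NL_IMPACT = [[1],                  # the non-linear factor lands on subject A
             [0]]                  # and not on subject B


def assess(r):
    """All three assessments of one answer vector, for side-by-side reading."""
    return {"linear": linear_impact(P, r),
            "floor": floor_impact(P, r),
            "matrix": matrix_impact(NL_IMPACT, MNL, ML, r)}


if __name__ == "__main__":
    for r in ([1, 0, 0, 0], [0, 1, 0, 0], [1, 1, 0, 0], [1, 1, 1, 1]):
        print(r, assess(r))
```

With the sample matrices, answering "yes" to all four questions gives a linear impact of 5, a floor-augmented impact of 6, and a result column [T] of [8, 3]; checking the dimensions (m x q)(q x q)(q x n)(n x 1) before multiplying is what keeps the three factor matrices of relation (10) consistent with one another.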
[0045] Matrix calculus techniques are well known in the art, and software packages are available, such as Lapack™ for example, which allow processing matrices of up to 1000 x 1000 in less than half a second on a Pentium™ 4 2 GHz. Alternatively, with a tool such as Excel™ that does not require VBA software, a 154 x 154 matrix may be processed without delay.
[0046] As people in the art will appreciate, the method of the present invention not only allows a qualitative assessment of global risks of direct impacts, but also a quantitative assessment of combined risks of specific data.
[0047] A system according to the present invention allows carrying out the method described hereinabove. The system basically comprises an intelligence unit and a processing unit, wherein the intelligence unit provides a knowledge database and the processing unit provides decision tools for an automated diagnostic.
[0048] The method and the system of the present invention provide a tool for an automated diagnosis, by the ability of a functional unit to detect problems and to identify the type of error.
[0049] The present method allows handling of data including collection and validation of the data, classification and weighting of factors of direct impacts; classification and modeling of correlation between the data. In particular, the present method comprises assessing a data consistency factor, a classification of data in relation to security thereof, and an assessment of risks related to each type of data by a combination of direct impacts.
[0050] The present invention provides a method for increasing information technology security in terms of accuracy and interpretation of data. In particular, the method of the present invention takes into account non-standard (non-linear) contribution of impact. Furthermore, this invention provides continuous multi-model management of risk items in accordance with the type of organization.
[0051] The present invention provides a method for increasing information technology security in terms of accuracy and interpretation of data. Interestingly, the method of the present invention takes into account non-linear (non-standard) cross-correlation of impact, which accounts for an effective decision aid and management tool. The present method and system may be seen as an expert method and system for information assets. They may be used in risk analysis, assessment of an overall state of an institution or organization, operating and comparing legislations with regard to a given field or operating and comparing standards or other types of evaluation means with regard to a specific activity, determining remedial actions, and validating the results of these actions. Interestingly, they may be used for securing information assets and risk managing of a number of organizations or applications at a time.
[0052] Although the present invention has been described hereinabove by way of embodiments thereof, it can be modified without departing from the nature and teachings thereof as defined herein.