< Back
Sign In to Follow Application
View All Documents & Correspondence
Login

Methods And Systems For Integrated Risk Management In Enterprise Environments

Abstract: A method and system for detecting and mitigating risk in an enterprise environment is disclosed. The method includes receiving information associated with one or more of a business design structure, an application topology, and a system topology. Thereafter, the method correlates the received information associated with the business design structure, the application topology, and the system topology. The method further includes detecting one or more risks associated with the enterprise environment in response to correlating the received information. The one or more risks that are detected are thereafter monitored in the enterprise environment. In response to monitoring the one or more risks, the method thereafter performs a corrective action for the one or more risks that are monitored. Fig.1

Get Free WhatsApp Updates!
Notices, Deadlines & Correspondence

Patent Information

Application #
Filing Date
07 September 2016
Publication Number
10/2018
Publication Type
INA
Invention Field
GENERAL ENGINEERING
Status
Email
ipo@knspartners.com
Parent Application

Applicants

WIPRO LIMITED
Doddakannelli, Sarjapur Road, Bangalore 560035, Karnataka, India.

Inventors

1. SUNIL VARKEY
Sankaravelil, Eraviperoor, Tiruvalla, Kerala, India
2. AJAY CHITTARMAL AGRAWAL
Flat No 310, Block – A, SVR Flora Apartment, Harlur Road, HSR Extension Layout, Sector – 2, Bangalore – 560 102, Karnataka, India.
3. ATHULKUMAR HANSRAJ
Flat No 307, M S Garden Apartments, Jyothi Nagar, Gottigere, Bannerghatta Road, Bangalore – 560083, Karnataka, India.

Specification

Claims:WE CLAIM

1. A method for mitigating risk in an enterprise environment, the method comprising:
receiving, through a business interface, information associated with at least one of a business design structure, an application topology, and a system topology;
correlating, by a risk manager controller, the received information associated with the at least one of the business design structure, the application topology, and the system topology;
detecting, by the risk manager controller, at least one risk associated with the enterprise environment in response to correlating the received information;
monitoring, by the risk manager controller, the at least one risk detected in the enterprise environment; and
performing, by the risk manager controller, a corrective action for the at least one risk monitored in the enterprise environment.

2. The method of claim 1, wherein receiving the information comprises storing the at least one of the business design structure, the application topology, and the system topology in an enterprise context module.

3. The method of claim 1, wherein correlating the received information comprises:
retrieving historical risk information associated with the at least one of the business design structure, the application topology, and the system topology from a historical incident repository module; and
retrieving current risk information associated with the at least one of the business design structure, the application topology, and the system topology from a threat intelligence feed module, wherein the threat intelligence feed module comprises vulnerability information associated with the at least one of the business design structure, the application topology, and the system topology, information associated with new vectors of existing threats, and information associated with new threats prevailing in the cyber world.

4. The method of claim 3, wherein correlating the received information further comprises determining at least one of a dependent application, and a dependent infrastructure associated with the business design structure, the application topology, and the system topology from a configuration module.

5. The method of claim 4, wherein correlating the received information further comprises verifying an access control mechanism associated with the at least one of the dependent application, the dependent infrastructure, the business design structure, the application topology, and the system topology.

6. The method of claim 1, wherein monitoring the at least one risk comprises:
determining a remediation patch for the at least one risk detected in the enterprise environment;
checking whether the remediation patch for the at least one risk detected is available in a patch server;
retrieving the remediation patch from the patch server when the remediation patch is available in the patch server; and
triggering the patch server to synchronize with at least one Original Equipment Manufacturer (OEM) to retrieve the remediation patch when the remediation patch is not available in the patch server.

7. The method of claim 6, wherein monitoring the at least one risk further comprises validating the remediation patch retrieved from the OEM in a test environment.

8. The method of claim 1, wherein performing the corrective action comprises automatically deploying the corrective action for the at least one risk monitored, wherein the corrective action comprises at least one of a remediation patch, a software code, a network filter, a security policy, or a security application.

9. The method of claim 8, wherein performing the corrective action further comprises:
logging status of the deployment of the corrective action for the at least one risk monitored in a knowledge database; and
notifying at least one stakeholder regarding the status of the deployment of the corrective action for the at least one risk monitored.
10. The method of claim 9, wherein performing the corrective action further comprises periodically publishing a report, wherein the report comprises information associated with the at least one risk, remediation patch corresponding to the at least one risk, OEM, and the corrective action associated with the at least one risk.

11. An enterprise risk mitigation system, comprising:
a business interface for receiving information associated with at least one of a business design structure, an application topology, and a system topology; and
a risk manager controller operatively coupled to the business interface, the risk manager controller configured to:
correlate the received information associated with the at least one of the business design structure, the application topology, and the system topology;
detect at least one risk associated with the enterprise environment in response to correlating the received information;
monitor the at least one risk detected in the enterprise environment; and
perform a corrective action for the at least one risk monitored in the enterprise environment.

12. The enterprise risk mitigation system of claim 11, wherein the risk manager controller is further configured to store the at least one of the business design structure, the application topology, and the system topology in an enterprise context module.

13. The enterprise risk mitigation system of claim 11, wherein the risk manager controller is further configured to:
retrieve historical risk information associated with the at least one of the business design structure, the application topology, and the system topology from a historical incident repository module; and
retrieve current risk information associated with the at least one of the business design structure, the application topology, and the system topology from a threat intelligence feed module, wherein the threat intelligence feed module comprises vulnerability information associated with the at least one of the business design structure, the application topology, and the system topology, information associated with new vectors of existing threats, and information associated with new threats prevailing in the cyber world.
14. The enterprise risk mitigation system of claim 11, wherein the risk manager controller is further configured to determine at least one of a dependent application, and a dependent infrastructure associated with the business design structure, the application topology, and the system topology from a configuration module.

15. The enterprise risk mitigation system of claim 11, wherein the risk manager controller is further configured to verify an access control mechanism associated with the at least one of the dependent application, the dependent infrastructure, the business design structure, the application topology, and the system topology.

16. The enterprise risk mitigation system of claim 11, wherein the risk manager controller is further configured to:
determine a remediation patch for the at least one risk detected in the enterprise environment;
check whether the remediation patch for the at least one risk detected is available in a patch server;
retrieve the remediation patch from the patch server when the remediation patch is available in the patch server; and
trigger the patch server to synchronize with at least one Original Equipment Manufacturer (OEM) to retrieve the remediation patch when the remediation patch is not available in the patch server.

17. The enterprise risk mitigation system of claim 11, wherein the risk manager controller is further configured to validate the remediation patch retrieved from the OEM in a test environment.

18. The enterprise risk mitigation system of claim 11, wherein the risk manager controller is further configured to automatically deploy the corrective action for the at least one risk monitored, wherein the corrective action comprises at least one of a remediation patch, a software code, a network filter, a security policy, or a security application.

19. The enterprise risk mitigation system of claim 11, wherein the risk manager controller is further configured to:
log status of the deployment of the corrective action for the at least one risk monitored in a knowledge database; and
notify at least one stakeholder regarding the status of the deployment of the corrective action for the at least one risk monitored.

20. The enterprise risk mitigation system of claim 11, wherein the risk manager controller is further configured to periodically publish a report, wherein the report comprises information associated with the at least one risk, remediation patch corresponding to the at least one risk, OEM, and the corrective action associated with the at least one risk.

21. A computer-usable medium having non-transitory computer readable instructions stored thereon for execution by a risk manager controller in an enterprise risk mitigation system to perform a method for:
receiving, through a business interface, information associated with at least one of a business design structure, an application topology, and a system topology;
correlating the received information associated with the at least one of the business design structure, the application topology, and the system topology;
detecting at least one risk associated with the enterprise environment in response to correlating the received information;
monitoring the at least one risk detected in the enterprise environment; and
performing a corrective action for the at least one risk monitored in the enterprise environment.

Dated this 6th day of September, 2016

R Ramya Rao
Of K&S Partners
Agent for the Applicant
, Description:TECHNICAL FIELD
The present invention relates to risk management in enterprise environments, in particular, to methods and systems for integrated risk management in an enterprise environment.

Documents

Application Documents

# Name Date
1 201641030455-FER.pdf 2019-12-18
1 Form 5 [07-09-2016(online)].pdf 2016-09-07
2 Form 3 [07-09-2016(online)].pdf 2016-09-07
2 201641030455-REQUEST FOR CERTIFIED COPY [31-10-2017(online)].pdf 2017-10-31
3 Form 3 [28-12-2016(online)].pdf 2016-12-28
3 Form 18 [07-09-2016(online)].pdf_82.pdf 2016-09-07
4 201641030455-Correspondence-PA-160916.pdf 2016-11-24
4 Form 18 [07-09-2016(online)].pdf 2016-09-07
5 Drawing [07-09-2016(online)].pdf 2016-09-07
5 201641030455-Power of Attorney-160916.pdf 2016-11-24
6 Other Patent Document [22-10-2016(online)].pdf 2016-10-22
6 Description(Complete) [07-09-2016(online)].pdf 2016-09-07
7 REQUEST FOR CERTIFIED COPY [09-09-2016(online)].pdf 2016-09-09
7 Form 26 [14-09-2016(online)].pdf 2016-09-14
8 REQUEST FOR CERTIFIED COPY [09-09-2016(online)].pdf 2016-09-09
8 Form 26 [14-09-2016(online)].pdf 2016-09-14
9 Other Patent Document [22-10-2016(online)].pdf 2016-10-22
9 Description(Complete) [07-09-2016(online)].pdf 2016-09-07
10 201641030455-Power of Attorney-160916.pdf 2016-11-24
10 Drawing [07-09-2016(online)].pdf 2016-09-07
11 201641030455-Correspondence-PA-160916.pdf 2016-11-24
11 Form 18 [07-09-2016(online)].pdf 2016-09-07
12 Form 3 [28-12-2016(online)].pdf 2016-12-28
12 Form 18 [07-09-2016(online)].pdf_82.pdf 2016-09-07
13 Form 3 [07-09-2016(online)].pdf 2016-09-07
13 201641030455-REQUEST FOR CERTIFIED COPY [31-10-2017(online)].pdf 2017-10-31
14 Form 5 [07-09-2016(online)].pdf 2016-09-07
14 201641030455-FER.pdf 2019-12-18

Search Strategy

1 201641030455_11-12-2019.pdf