Abstract: Embodiments of the present invention disclose methods and systems which receive a user credential corresponding to a user, a task to be performed by the user, a security policy including a user role, and sensitive information. These methods and systems dynamically provision virtual machines including un-redacted information from received sensitive information. Furthermore, a set of tools process the redacted information, based on the user credential, the task to be performed, and the security policy.

Abstract: A developer is monitored by at least one sensor, and developer data is gathered from the at least one sensor. Code change data is gathered for changes made by the monitored developer to at least one area of code, and the code change data is mapped to the developer data. Test cases are run to test the at least one area of code, and to identify failed test cases. Code change data corresponding to the failed test cases is also identified, as well as developer data mapped to the corresponding code change data. Further, a prediction model that correlates test case failure with the developer data is generated. The prediction model is used to generate probabilities of failure for test cases based on a new developer data mapped to new code test data.

Abstract: An example system includes a processor to monitor a data asset and associated access policies to be synchronized to detect a trigger. The processor is to also request and receive data lineage information on the monitored data asset in response to detecting the trigger. The processor is to further detect a source system and a target system based on the data lineage information. The processor is also to query an access policy of the source system and an access policy of the target system. The processor is to merge the access policy of the source system and the access policy of the target system based on a predetermined merger configuration to generate a merged access policy. The processor is to update a monitoring system based on the merged access policy.

Abstract: Disclosed aspects relate to information presentation management by an electronic presentation device. With respect to a set of information for presentation, a set of information profile data is detected. Using a set of sensors linked to the electronic presentation device, a set of device sensor data of the electronic presentation device is collected. Based on both the set of device sensor data and the set of information profile data, a determination of a security configuration for presentation of the set of information on the electronic presentation device is made. Based on the security configuration, the set of information is presented by the electronic presentation device.

Abstract: A method, computer program product and system for generating false data for suspicious users. A suspicious user is identified. Actions of the user are then tracked. The user attempting to access sensitive information is detected. Relevant false sensitive information corresponding to the sensitive information is then detected. The relevant false sensitive information is then mapped to the sensitive information. The relevant false sensitive information is provided to the suspicious user. In response to user input, at least one command is executed, where the at least one command includes the relevant false sensitive information and not the sensitive information.

Abstract: Disclosed herein is a system and method that can retrieve, via a file monitor, a file and policy data from a case management system or a content management system, wherein the file and the policy data are retrieved in response to detecting a user request for the file. A processor can also modify, via the file monitor, access to the file based on the policy data, and intercept a plurality of document management instructions executed with the file. The processor can also detect at least one of the document management instructions is a malicious action, wherein the malicious action is detected based on the policy data, wherein the policy data is updated in response to detecting each of the document management instructions. Additionally, the processor can execute a policy instruction to prevent execution of the at least one document management instruction.

Abstract: Detecting malware attacks is described herein. A computer-implemented method may include receiving, via a processor, events from a plurality of activity monitors. The method also include extracting, via the processor, a plurality of behavioral features from the received events. The method may further include detecting, via the processor, a malware attack based on the extracted behavioral features using a malware identification model trained on private data and public data using a machine learning technique, wherein the private data includes private enterprise attack findings. The method may also include executing, via the processor, an ad hoc protection improvement based on the detected malware attack.

Abstract: A method, computer program product and system for generating false data for suspicious users. A suspicious user is identified. Actions of the user are then tracked. The user attempting to access sensitive information is detected. Relevant false sensitive information corresponding to the sensitive information is then detected. The relevant false sensitive information is then mapped to the sensitive information. The relevant false sensitive information is provided to the suspicious user. In response to user input, at least one command is executed, where the at least one command includes the relevant false sensitive information and not the sensitive information.

Abstract: Disclosed embodiments provide techniques for accessing a document from a cloud storage system and controlling the display of sensitive data within the document based on user permissions. One or more restricted information segments are identified within a document to be stored on the cloud storage system. Restricted information segments can include anything within an electronic file for which it is desired to provide multiple levels of access. In some embodiments, the restricted information segments are automatically identified via computer-implemented natural language processing (NLP) techniques. For each restricted information segment, one or more alternative data sequences are generated. The alternative data sequences are encrypted using various keys residing on a client device associated with a user. The keys can be used to decrypt data stored within a multiple-value encrypted field structure.

Abstract: A method, computer program product and system for preventing unauthorized access of confidential information. The transmission of data from a first user to a second user is detected. An authorization level corresponding to the second user is then determined. Furthermore, a probability that the authorization level corresponding to the second user and the data is accurate is generated. Additionally, a determination is made that the data includes sensitive information that the second user is not authorized to access based on the authorization level. Moreover, the data can be modified based on the probability, where the data is to be redacted if the probability is within a range of a threshold value or the data is to be blocked from transmission if the probability is above the range.

Abstract: Detecting malware attacks is described herein. A computer-implemented method may include receiving, via a processor, events from a plurality of activity monitors. The method also include extracting, via the processor, a plurality of behavioral features from the received events. The method may further include detecting, via the processor, a malware attack based on the extracted behavioral features using a malware identification model trained on private data and public data. The method may also include executing, via the processor, an ad hoc protection improvement based on the detected malware attack.

Abstract: Data lineage including a plurality of levels can be received. A configuration also can be received. A three dimensional (3D) virtual reality (VR) model can be built, the 3D VR model including a plurality of floors based on data lineage content corresponding to the plurality of levels and the configuration. The 3D VR model can depict, on at least a first of the plurality of floors, a plurality of rooms of a virtual building representing data elements and hallways of the building representing data flows between data elements. A view of the 3D VR model can be displayed on a display device, wherein the 3D VR model is configured for a user to navigate the plurality of the rooms and hallways of the virtual building to determine lineage of data.

Abstract: A method, computer program product and system for preventing unauthorized access of confidential information. The transmission of data from a first user to a second user is detected. An authorization level corresponding to the second user is then determined. Furthermore, a probability that the authorization level corresponding to the second user and the data is accurate is generated. Additionally, a determination is made that the data includes sensitive information that the second user is not authorized to access based on the authorization level. Moreover, the data can be modified based on the probability, where the data is to be redacted if the probability is within a range of a threshold value or the data is to be blocked from transmission if the probability is above the range.

Abstract: A computer-implemented method is provided. The method may include determining a behavioral pattern of a user based on historical data access events and historical data access conditions corresponding to the historical data access events, wherein the data access events are associated with a computer enterprise system. A data access request from the user with respect to a secure resource may be received from a computing node connected to the computer enterprise system. A behavioral state of the user may be determined with respect to the data access request and data access conditions corresponding to the data access request. A discrepancy between the behavioral pattern and the behavioral state of the user may be detected. A security risk level may be determined based on the discrepancy. In response to determining that the security risk level exceeds a predetermined threshold, a security action may be performed with respect to the secure resource.

Abstract: An example system includes a processor to receive data lineage including a plurality of levels, and a configuration. The processor is to also build a three dimensional (3D) virtual reality (VR) model including a first floor based on data lineage content corresponding to a first level of the plurality of levels and the configuration. The processor is to further display a view of the 3D VR model.

Abstract: Embodiments of the present invention disclose a method, computer program product, and system for text author anonymization for de-identification of written text. This may be used to replace written text after learning text author writing characteristics, such frequently written terms, grammar patterns, grammar errors, and writing tone. Portions of the written text which may identify the text author may be replaced, for example the text author writing characteristics, social status, geographical location, and specific organization.

Abstract: Embodiments of the present invention disclose a method, computer program product, and system for text author anonymization for de-identification of written text. This may be used to replace written text after learning text author writing characteristics, such frequently written terms, grammar patterns, grammar errors, and writing tone. Portions of the written text which may identify the text author may be replaced, for example the text author writing characteristics, social status, geographical location, and specific organization.

Abstract: An example system includes a processor to monitor a data asset and associated access policies to be synchronized to detect a trigger. The processor is to also request and receive data lineage information on the monitored data asset in response to detecting the trigger. The processor is to further detect a source system and a target system based on the data lineage information. The processor is also to query an access policy of the source system and an access policy of the target system. The processor is to merge the access policy of the source system and the access policy of the target system based on a predetermined merger configuration to generate a merged access policy. The processor is to update a monitoring system based on the merged access policy.

Abstract: An example computer-implemented method includes receiving, via a processor, a plurality of structured query statements associated with an application and a database. The method includes detecting, via the processor, a logical relationship between at least two of the plurality of structured query statements based on a common source, a predetermined threshold time, a common transaction. The method includes generating, via the processor, a model based on the detected logical relationship. The method further includes receiving, via the processor, a request to modify the database. The method also further includes modifying, via the processor, the database in response to detecting that a predetermined threshold probability of application functionality impairment is not exceeded.

Abstract: A method, computer program product and system for generating false data for suspicious users. A suspicious user is identified. Actions of the user are then tracked. The user attempting to access sensitive information is detected. Relevant false sensitive information corresponding to the sensitive information is then detected. The relevant false sensitive information is then mapped to the sensitive information. The relevant false sensitive information is provided to the suspicious user. In response to user input, at least one command is executed, where the at least one command includes the relevant false sensitive information and not the sensitive information.