Abstract: A security policy management solution (such as a Data Loss Prevention (DLP) system) is augmented to enable a user to model and visualize how changes in a security policy may impact (positively or negatively) the effectiveness of a policy configuration as well as the risk associated with its deployment. This technique enables a user (e.g., a security policy administrator) to evolve enterprise information technology (IT) security policies and, in particular, to generate and display “what-if” scenarios by which the user can determine trade-offs between, on the one hand, the effectiveness of a proposed change to a policy, and on the other hand, the risk associated with the proposed change.

Abstract: Special interest subgroups are formed by a group of participants by establishing a profile for each participant. The profile defines contribution attributes dealing with contributions the profiled participant might make to a subgroup and attribution attributes dealing with benefits the profile participant might receive from participating in the subgroup. For each possible pairing of participants in the group, an overall contribution score and an overall benefit score is calculated for each participant. A mutual benefit score is calculated by combining the benefit scores for both participants in the pair. Participants are assigned to subgroups as a function of participant contribution and mutual benefit scores.

Abstract: An authorization method is implemented in an authorization engine external to an authorization server. The authorization server includes a cache. The external authorization engine comprises an authorization decision engine, and a policy analytics engine. The method begins when the authorization decision engine receives a request for an authorization decision. The request is generated (at the authorization server) following receipt of a client request for which an authorization decision is not then available at the server. The authorization decision engine determines an authorization policy to apply to the client request, applies the policy, and generates an authorization decision. The authorization decision is then provided to the policy analytics engine, which stores previously-generated potential cache directives that may be applied to the authorization decision. Preferably, the cache directives are generated in an off-line manner (e.g.

Abstract: A method of policy management in a Data Loss Prevention (DLP) system uses a policy model that associates a user with one or more DLP endpoints. When an endpoint is added to the system, a set of policies for that endpoint are determined using an identity of the user that is associated with the endpoint and a list of roles or groups for that user. At policy distribution time, the method determines a set of endpoints to which the policy is to be distributed.

Abstract: An intermediary (such as a web reverse proxy), which is located between a web browser and one or more backend applications, manages cookies that are provided by the backend applications and returned to the web browser during a user session. The intermediary decides which cookies should be sent to the browser and which cookies should be stored therein. Preferably, this determination is made in an automated manner by examining the response for any cookie-dependent code (e.g., scripting) included in the response.

Abstract: An intermediary (such as a web reverse proxy), which is located between a web browser and one or more backend applications, manages cookies that are provided by the backend applications and returned to the web browser during a user session. When a session sign-off event is initiated in the reverse proxy, HTTP “Set-Cookie” headers are sent back to the web browser to destroy the cookies (in the browser) that represent sessions with the one or more backend application(s).

Abstract: A method for automatically removing a user from an e-mail thread is provided. An e-mail client receives a reply e-mail message. Responsive to a determination that the reply e-mail message is a message to opt-out of an e-mail thread, the e-mail address of a sender of the reply e-mail message is associated with the e-mail thread to form a listed e-mail address. The listed e-mail address is stored. When a new e-mail message is generated that is part of the e-mail thread, the listed e-mail address is automatically excluded from a list of recipients of the new e-mail.

Abstract: A method for automatically removing a user from an e-mail thread is provided. An e-mail client receives a reply e-mail message. Responsive to a determination that the reply e-mail message is a message to opt-out of an e-mail thread, the e-mail address of a sender of the reply e-mail message is associated with the e-mail thread to form a listed e-mail address. The listed e-mail address is stored. When a new e-mail message is generated that is part of the e-mail thread, the listed e-mail address is automatically excluded from a list of recipients of the new e-mail.

Abstract: In accordance with an illustrative embodiment of the present invention, a computer implemented method for dynamic management of resource utilization is provided. The computer implemented method monitors data flows of a reverse proxy web server, and determines whether a resource utilization of the reverse proxy web server exceeds a first threshold. The computer implemented method further, responsive to a determination that the resource utilization does not exceed a first threshold, determines whether the resource utilization exceeds a second threshold, responsive to a determination that the resource utilization does exceed a second threshold, filters pre-fetch directives inversely by frequency.

Abstract: An embodiment provides a computer implemented method for social profile assessment. The computer implemented method receives a request from a first user for an assessment, and sends questionnaires to a set of assessors for the first user. Upon receiving questionnaires from the set of assessors to form completed questionnaires, the computer implemented method generates an unadjusted social style assessment for the first user. Upon receiving a request from a second user for the social style assessment of the first user, the computer implemented method determines whether there are common assessors between the first user and the second user, and responsive to a determination that there are common assessors between the first user and the second user, generates an adjusted social style assessment for the first user, and returns the adjusted social style assessment for the first user to the second user.

Abstract: Following development of an application, the application is deployed in a pre-production environment. A user role plays against that application, typically by performing one or more operations as a particular user in a particular group. As the operator role plays, access logs are written, and these logs are then analyzed and consolidated into a set of commands that drive a policy generator. The policy generator creates an optimized security policy that it then deploys to one or more enforcement points. In this manner, the framework enables automated configuration and deployment of one or more security policies.

Abstract: A method for fraud detection leverages an existing financial institution's fraud classification functionality, which produces a first level detection, with a “user-centric” classification functionality, which produces a “second” or more fine-grained detection regarding a potentially fraudulent transaction. After passing through an existing (“institution-centric”) fraud detection technique, a transaction that has been identified as potentially fraudulent is then subject to further analysis and classification at the “user” level, as it is the user is presumed to be the best source of knowledge of the legitimate credit card use. Information about the transaction is shared with the consumer, preferably via one or more near real-time mechanisms, such as SMS, email, or the like. Based on the user's response (or lack thereof, as the case may be), one or more business rules in the institution's fraud detection system can then take an appropriate action (e.g.

Abstract: A computer implemented method, a tangible computer medium, and a data processing system proactively share current and upcoming schedule information. When the data processing system detects an outgoing e-mail from an e-mail client; a calendar entry is retrieved from a calendar application. The calendar entry indicates an availability of a user of the e-mail client. The calendar entry is attached to the outgoing e-mail, and the e-mail client then sends the outgoing e-mail.

Abstract: A particular web service is selected based on conformation to a particular degree-of-trust. Information about available web services is requested. Responsive to requesting that information on the particular web service, a list of possible services is presented. The list of possible services includes a plurality of services, each of the plurality having a levels-of-trust assigned thereto. An acceptable web service having an acceptable degree-of-trust can then be selected from the list of possible services. Responsive to selecting the acceptable service from the list of possible services, the acceptable service can be invoked.

Abstract: An embodiment provides a computer implemented method for social profile assessment. The computer implemented method receives a request from a first user for an assessment, and sends questionnaires to a set of assessors for the first user. Upon receiving questionnaires from the set of assessors to form completed questionnaires, the computer implemented method generates an unadjusted social style assessment for the first user. Upon receiving a request from a second user for the social style assessment of the first user, the computer implemented method determines whether there are common assessors between the first user and the second user, and responsive to a determination that there are common assessors between the first user and the second user, generates an adjusted social style assessment for the first user, and returns the adjusted social style assessment for the first user to the second user.

Abstract: In accordance with an illustrative embodiment of the present invention, a computer implemented method for dynamic management of resource utilization is provided. The computer implemented method monitors data flows of a reverse proxy web server, and determines whether a resource utilization of the reverse proxy web server exceeds a first threshold. The computer implemented method further, responsive to a determination that the resource utilization does not exceed a first threshold, determines whether the resource utilization exceeds a second threshold, responsive to a determination that the resource utilization does exceed a second threshold, filters pre-fetch directives inversely by frequency.

Abstract: A method for automatically removing a user from an e-mail thread is provided. An e-mail client receives a reply e-mail message. Responsive to a determination that the reply e-mail message is a message to opt-out of an e-mail thread, the e-mail address of a sender of the reply e-mail message is associated with the e-mail thread to form a listed e-mail address. The listed e-mail address is stored. When a new e-mail message is generated that is part of the e-mail thread, the listed e-mail address is automatically excluded from a list of recipients of the new e-mail.