Abstract: Data processing systems and methods, according to various embodiments, are adapted for mapping various questions regarding a data breach from a master questionnaire to a plurality of territory-specific data breach disclosure questionnaires. The answers to the questions in the master questionnaire are used to populate the territory-specific data breach disclosure questionnaires and determine whether disclosure is required in territory. The system can automatically notify the appropriate regulatory bodies for each territory where it is determined that data breach disclosure is required.

Abstract: In one embodiment, an apparatus comprises a communication interface, a memory, and a processor. The communication interface is to communicate with one or more devices. The memory to store a device identity blockchain. The processor is to: receive a device identity transaction from a first device, wherein the device identity transaction comprises a device identity; compute a hash of the device identity; determine, based on the hash, whether the device identity is registered in the device identity blockchain; and upon a determination that the device identity is not registered in the device identity blockchain, add the device identity transaction to the device identity blockchain.

Abstract: A computer implemented method of a first network access point to provide network access for a mobile device, the mobile device associated with a second network access point by a digitally signed record in a blockchain wherein the blockchain is accessible via a network and includes a plurality of records validated by miner computing components, wherein the mobile device has associated a quantity of cryptocurrency by a digitally signed record in the blockchain, the method including receiving a request from the mobile device to access the network; generating a first new record for storage in the blockchain to transfer a predetermined quantity of cryptocurrency associated with the requester to be associated with the first access point, the first new record being validated by the miner components; responsive to the validation of the first new record, notifying the second access point of the request of the mobile device to access the network; responsive to a validation of a second new record in the blockchain, the

Abstract: Data processing systems and methods, according to various embodiments, are adapted for determining an applicable privacy policy based on various criteria associated with a user and the associated product or service. User and product criteria may be obtained automatically and/or based on user input and analyzed by a privacy policy rules engine to determine the applicable policy. Text from the applicable policy can then be presented to the user. A default policy can be used when no particular applicable policy can be identified using by the rules engine. Policies may be ranked or prioritized so that a policy can be selected in the event the rules engine identifies two, conflicting policies based on the criteria.

Abstract: Aspects of the disclosure relate to a data integrity system for transmission of data. A computing platform may detect transmission of data to a second enterprise computing device, and may intercept the data content in transmission. Then, the computing platform may convert the data content to an electronic file in a standardized textual format. Then, the computing platform may add an alert message to a message queue indicating that the electronic file is available for processing. Subsequently, the computing platform may cause one or more content processors to process the electronic file to identify a portion of the data content for review prior to transmission, and output a notification message to the message queue providing information related to the identified portion. Then, the computing platform may modify the data content, generate a link to the modified data content, and provide the generated link to the second enterprise computing device.

Abstract: Data processing systems and methods, according to various embodiments, are adapted for mapping various questions regarding a data breach from a master questionnaire to a plurality of territory-specific data breach disclosure questionnaires. The answers to the questions in the master questionnaire are used to populate the territory-specific data breach disclosure questionnaires and determine whether disclosure is required in territory. The system can automatically notify the appropriate regulatory bodies for each territory where it is determined that data breach disclosure is required.

Abstract: Techniques are described for analyzing data regarding activity in an IT environment to determine information regarding the entities associated with the activity and using the information to detect anomalous activity that may be indicative of malicious activity. In an embodiment, a plurality of events reflecting activity by a plurality of entities in an IT environment are processed to resolve the identities of the entities, discover how the entities fit within a topology of the IT environment, and determine what the entities are. This information is then used to generate an entity relationship graph that includes nodes representing the entities in the IT environment and edges connecting the nodes representing interaction relationships between the entities. In some embodiments, baselines are established by monitoring the activity between entities. This baseline information can be represented in the entity relationship graph in the form of directionality applied to the edges.

Abstract: An example operation may include one or more of authorizing a blockchain for a video file, generating a first tracking value for an entry block referencing the video file, the first tracking value generated based on first data and the video file, receiving second data for each of additional blocks in the blockchain, generating second tracking values based on the second data of the additional blocks, forming the additional blocks including the second tracking values, respectively, appending the additional blocks to the entry block, the entry block and the additional blocks cryptographically linked in an ordered sequence, each of the additional blocks referencing a version of the video file which corresponds to an original version of the video file as referenced by the entry block or a processed version of the video file, the second data in each of the additional blocks indicative of processing performed on the version of the video file in that block, and tracing through the blockchain based on the first and se

Abstract: Embodiments are disclosed for detecting and responding to potentially fraudulent transactions and other network access events via a system comprising a three-tiered network architecture. An example system comprises one or more user equipment devices configured with a thin client application (a first tier). The one or more user equipment devices are capable of communicating with a respective local authority controller and a local knowledge base (the second tier). The one or more local authority controllers and local knowledge bases are configured to interact with a master authority controller and master knowledge base (the third tier) to enable the efficient assessment of potentially localized fraudulent network activity and the passing of network access rule sets amongst the devices in each tier. Corresponding apparatuses and methods are also provided.

Abstract: Disclosed herein are systems and methods for forming a log during an execution of a file with vulnerabilities. In one aspect, an exemplary method comprises, discovering an activation of a trigger during an execution of a thread of a process created upon opening the file, wherein the trigger describes conditions accompanying an event which relates to an attempt to exploit a vulnerability of the file, analyzing a stack of the process created upon opening the file, and discovering a chain of function calls preceding the event in a form of a sequence of call and return addresses, analyzing the discovered chain of function calls for fulfillment of conditions of the trigger which relate to the attempt to exploit the vulnerability, and when the conditions of the trigger are fulfilled, saving information about the chain of function calls in a log.

Abstract: This disclosure relates to a system for managing personal data over a blockchain network. In an implementation, the system includes a user access provider (UAP) node in communication with a service provider (SP) node. The SP node may include an SP blockchain storing personal data on a SP transaction chain. The UAP node may store meta data of the user on a UAP transaction chain. The meta data may include access control information for the service provider to access the personal data. The UAP node may receive, from the SP node, an access request for the service provider to access a portion of the personal data of the user. The UAP node may access control information for the service provider based on the access request, update the meta data with the configured access control information, and replicate the meta data to the SP node via a blockchain transaction.

Abstract: A technique includes, in a pre-operating system environment of a computer system, a hardware processor of the computer system executing machine executable instructions to determine whether a sanitization option was selected in a prior operating system environment of the computer system. In response to determining that the sanitization option was selected, the hardware processor executes the instructions in the pre-operating system environment to determine, for an adapter of the computer system, a storage inventory associated with the adapter and sanitize the storage inventory.

Abstract: For migrating data to a remote data repository based on the security protocol capabilities of the remote data repository, a storage module identifies a security profile of a file residing in an on-premise data repository, where the security profile comprises security protocol requirements, matches the identified security profile with an entry in a list of one or more remote data repository providers, each entry comprising a security protocol capability of a corresponding remote data repository provider, and migrates, in response to finding a match of the identified security profile and the identified security protocol capability, the file to the matched remote data repository provider.

Abstract: Techniques for detecting network intrusions are disclosed. An example intrusion detection system includes a storage device to store audit data generated by a network traffic analyzer in accordance with an audit policy that determines an auditing level. The system also includes a processor to receive a case defined by a case definition, wherein the case definition comprises a plurality of symptoms and each symptom is defined by a separate symptom definition. The processor performs queries of the audit data in accordance with each of the symptoms to generate captured symptom data. The symptoms are scored based on the captured symptom data to generate symptom scores, and the symptom scores are summed to generate a case score. If the case score exceeds an alert threshold specified by the case definition, the processor issues an alert.

Abstract: Data processing systems and methods, according to various embodiments, are adapted for mapping various questions regarding a data breach from a master questionnaire to a plurality of territory-specific data breach disclosure questionnaires. The answers to the questions in the master questionnaire are used to populate the territory-specific data breach disclosure questionnaires and determine whether disclosure is required in territory. The system can automatically notify the appropriate regulatory bodies for each territory where it is determined that data breach disclosure is required.

Abstract: A management apparatus, a management system, a server system, a remote device management system, and a data deletion request method. The management apparatus acquires apparatus identification information for identifying a processing apparatus storing device event data indicating content of an event executed by a device to be managed from one or more processing apparatuses that process the device event data and requests deletion of the device event data to the processing apparatus identified by the acquired apparatus identification information in response to a device event data deletion request.

Abstract: A method for providing and managing non-direct URL fetching service for retrieving a content from a web sewer to a client device is disclosed, such as for overcoming geo-blocking or a Man-In-The-Middle (MITM) attack. The non-direct fetching method may use intermediate devices, such as proxy server, Data-Center proxy server, tunnel devices, or any combination thereof. A URL request may be sent in parallel using both direct and non-direct fetching schemes, in order to verify the need for using the non-direct fetching service. Direct or non-direct fetching scheme may be selected by using a file that associates a fetching scheme to the requested URL. The selection of the fetching mechanism may use dynamically in real-time updating of a Proxy Auto-Configuration (PAC) file. As part of an accounting scheme, quotas may be applied to a cumulative received data or a time duration of using a non-direct fetching service.

Abstract: The technology disclosed proposes a metadata-based solution to prevent malicious data egress resulting from resource-level transactions. In advance of the data egress requests, the technology disclosed crawls an organization's accounts on different cloud storage services and makes a resource list of different cloud-based resources configured under the organization's accounts. The resource list is then stored in a metadata store. When an inline proxy receives a resource-level transaction that is requesting to move a cloud-based resource outside the organization's account, the proxy looks up the metadata store and determines whether the resource-level transaction is attempting to manipulate any of the cloud-based resources listed in the resource list. If so, then the proxy blocks the resource-level transaction.

Abstract: A computer-implemented method for managing access rights to a knowledge graph is provided. The method comprises splitting, for each user system, its respective portion of the knowledge graph into a plurality of knowledge subgraphs, encrypting each of the knowledge subgraphs, and generating a plurality of private summary graphs. The method also comprises maintaining a collaboration graph comprising one vertex per user system and edges representing collaborations between the users, mapping all private subgraphs of all user systems to one public summary graph, each vertex of the public summary graph comprises less data than the related vertex of the related private summary graphs and wherein none of the vertices of the summary graph comprises any encryption or decryption key, and granting access to a selected knowledge subgraph from a first user system to a second user system.

Abstract: Computer-implemented threat detection method and systems are provided. The method comprises discovering threat data associated with a first entity, translating the threat data to one or more threat models, translating the one or more threat models, using a threat model parameter generator, to at least a parameter threat model and translating the parameter threat model to one or more identification queries. The one or more identification queries may be executed and the generated results may be translated to result data in a first format. The one or more result data models may be published from the result data in one or more formats or to one or more locations.