Patents by Inventor Akira Ohkado

Akira Ohkado has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 9064110
    Abstract: An anomaly detection mechanism is provided that detects an anomaly in a control network, and includes an identifying unit to receive event information on an event that occurs, and to identify a group including a resource related to the event information by referring to a configuration management database for retaining dependence relationships between processes and resources including a control system; a policy storing unit to store one or more policies each of which associates one or more actions with a condition defining a situation suspected to have an anomaly; an adding unit to acquire group-related information needed for application to the one or more policies, and to add the acquired information to the event information; and a determining unit to apply the event information to the one or more policies and to determine the one or more actions associated with the matched condition as one or more actions to be taken.
    Type: Grant
    Filed: February 12, 2013
    Date of Patent: June 23, 2015
    Assignee: International Business Machines Corporation
    Inventors: Kazuhito Akiyama, Akira Ohkado, Yukihiko Sohda, Masami Tada, Tadashi Tsumura
  • Patent number: 9037505
    Abstract: Deterioration of service quality due to shortage of resources and/or increased cost of support due to excessive resources is minimized in the case where the amount of requested services may change in cloud computing. Provided are mechanisms for executing a process specified by a user in a cloud computing environment and charging the user for the process. The mechanisms include a receiving part for receiving an instruction to execute the specified process and a determining part for determining an external resource to provision from a first other computer system for a charge. The mechanisms further comprise an external resource securing part for securing the external resource on the first other computer system and an executing part for causing the external resource to execute at least a part of the specified process.
    Type: Grant
    Filed: May 12, 2010
    Date of Patent: May 19, 2015
    Assignee: International Business Machines Corporation
    Inventors: Kazuhito Akiyama, Kazuo Iwano, Akira Ohkado, Tadashi Tsumura
  • Publication number: 20140304840
    Abstract: A method, system, mediation server, client, and computer program for deleting a copied file in which a master file is duplicated while maintaining a certain level of security. A mediation server receives and stores a copied file in which a master file stored in a server is duplicated, generates private-key information and public-key information, and transmits the generated public-key information and the copied file to a client. The client receives and stores the copied file and the public-key information. In a case where the copied file is updated, the client encrypts difference information on the difference arising in the updating using the public-key information and transmits the difference information to the mediation server. The client determines whether the condition for being secure is satisfied when a process for updating the copied file becomes possible. When determining that the condition is not satisfied, the client deletes the copied file.
    Type: Application
    Filed: August 1, 2012
    Publication date: October 9, 2014
    Applicant: International Business Machines Corporation
    Inventor: Akira Ohkado
  • Patent number: 8782189
    Abstract: A method for dynamically updating a service level agreement, performed by a cloud computing server, includes storing a preference for service selection, acquiring an actual usage level of a first service provided to a user during a predetermined time period in accordance with a first service level agreement, determining a second service level agreement different from the first service level agreement based on the actual usage level acquired during the predetermined time period, and selecting a second service that satisfies the second service level agreement.
    Type: Grant
    Filed: November 22, 2010
    Date of Patent: July 15, 2014
    Assignee: International Business Machines Corporation
    Inventors: Kazuhito Akiyama, Kazuo Iwano, Akira Ohkado, Tadashi Tsumura
  • Patent number: 8726085
    Abstract: An anomaly detection mechanism is provided that detects an anomaly in a control network, and includes an identifying unit to receive event information on an event that occurs, and to identify a group including a resource related to the event information by referring to a configuration management database for retaining dependence relationships between processes and resources including a control system; a policy storing unit to store one or more policies each of which associates one or more actions with a condition defining a situation suspected to have an anomaly; an adding unit to acquire group-related information needed for application to the one or more policies, and to add the acquired information to the event information; and a determining unit to apply the event information to the one or more policies and to determine the one or more actions associated with the matched condition as one or more actions to be taken.
    Type: Grant
    Filed: February 3, 2012
    Date of Patent: May 13, 2014
    Assignee: International Business Machines Corporation
    Inventors: Kazuhito Akiyama, Akira Ohkado, Yukihiko Sohda, Masami Tada, Tadashi Tsumura
  • Patent number: 8683589
    Abstract: A system includes a detection unit configured to detect unauthorized access to one or more information processing apparatuses that are virtually implemented by virtual machines executed by a computer; an authorized network configured to transfer authorized access to the one or more information processing apparatuses from an external network; a honeypot network configured to transfer unauthorized access to the information processing apparatuses from the external network; and a control unit configured to connect the information processing apparatuses for which no unauthorized access has been detected to the authorized network, and connect the information processing apparatuses for which unauthorized access has been detected to the honeypot network; wherein the control unit shifts, in response to detecting unauthorized access by the detection unit, the corresponding information processing apparatus into a decoy mode in which the detected unauthorized access is disconnected from a normal operation.
    Type: Grant
    Filed: July 27, 2012
    Date of Patent: March 25, 2014
    Assignee: International Business Machines Corporation
    Inventors: Seiji Munetoh, Akira Ohkado, Yukihiko Sohda, Masami Tada
  • Patent number: 8677484
    Abstract: A system includes a detection unit configured to detect unauthorized access to one or more information processing apparatuses that are virtually implemented by virtual machines executed by a computer; an authorized network configured to transfer authorized access to the one or more information processing apparatuses from an external network; a honeypot network configured to transfer unauthorized access to the information processing apparatuses from the external network; and a control unit configured to connect the information processing apparatuses for which no unauthorized access has been detected to the authorized network, and connect the information processing apparatuses for which unauthorized access has been detected to the honeypot network; wherein the control unit shifts, in response to detecting unauthorized access by the detection unit, the corresponding information processing apparatus into a decoy mode in which the detected unauthorized access is disconnected from a normal operation.
    Type: Grant
    Filed: March 14, 2012
    Date of Patent: March 18, 2014
    Assignee: International Business Machines Corporation
    Inventors: Seiji Munetoh, Akira Ohkado, Yukihiko Sohda, Masami Tada
  • Patent number: 8640209
    Abstract: A system, method, and computer program product are provided to facilitate changing authentication information in an environment having two or more configuration items. Establishing a connection between the configuration items may require matching authentication information corresponding to the first configuration item with authentication information transmitted from the second configuration item. The system may include a repository storing at least one predetermined attribute corresponding to a configuration item, and a relation between the configuration item and another configuration item. The attribute and/or the relation may be updated by discovery that detects information regarding configuration items. In response to a request to change authentication information corresponding to the first configuration item, and based on the relation, an identification unit may identify a second configuration item influenced by the change.
    Type: Grant
    Filed: March 6, 2010
    Date of Patent: January 28, 2014
    Assignee: International Business Machines Corporation
    Inventor: Akira Ohkado
  • Patent number: 8548916
    Abstract: Disclosed embodiments include a computer system for receiving an encrypted password from an ID management system. The computer system sends the encrypted password to a decryption system, where the decryption system decrypts the encrypted password. The decrypted password is then transmitted to the computer system, and the computer system transfers the decrypted password to a configuration item disposed on a network. Based on the password, the configuration item sends data concerning the configuration item to the computer system.
    Type: Grant
    Filed: May 11, 2009
    Date of Patent: October 1, 2013
    Assignee: International Business Machines Corporation
    Inventor: Akira Ohkado
  • Patent number: 8549147
    Abstract: A computer network connects to a first computer, a second computer, other multiple computers, and a job category database. A service to be executed by any of the other multiple computers is divided into multiple jobs; the job category is associated with each of the divided jobs; a region code and an instruction to execute the service are received from the first computer; and for each of the multiple jobs, the job category database is searched with the received region code and the associated job category as keys to acquire the operation identifier list corresponding to the job; the operation identifier list is transmitted to at least one of the other multiple computers; and a combination of the job, the identifier of that other computer and the identifier list are transmitted to the first computer.
    Type: Grant
    Filed: October 28, 2010
    Date of Patent: October 1, 2013
    Assignee: International Business Machines Corporation
    Inventors: Kazuhito Akiyama, Kazuo Iwano, Akira Ohkado, Tadashi Tsumura, Naohiko Uramoto
  • Publication number: 20120296685
    Abstract: A method of managing an access right to at least one asset associated with at least one digital work order, to at least one first element associated with the at least one asset, or to at least one second element associated with an access path to the at least one asset or the first element, and relates to a system and a computer program for the same.
    Type: Application
    Filed: August 2, 2012
    Publication date: November 22, 2012
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Yasutaka Nishimura, Akira Ohkado, Tadashi Tsumura
  • Publication number: 20120297445
    Abstract: A method, system and computer program of managing an access right to at least one asset associated with at least one digital work order, or to at least one element associated with the asset, and provides a system and a computer program for the same. The method includes the steps of: loading a security policy associated with the work order, the asset, or the element; starting to monitor location information of the asset or the element and a moving object, or an elapsed time of the moving object at the location; and issuing an event for managing the asset, the element or the moving object in response to the start of the work order or in response to the fact that the loaded security policy is violated by any of the locations, a change in the location, or the elapsed time at the location obtained by the monitoring.
    Type: Application
    Filed: August 2, 2012
    Publication date: November 22, 2012
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Yasutaka Nishimura, Takashi Ogura, Akira Ohkado, Tadashi Tsumura
  • Publication number: 20120297452
    Abstract: A system includes a detection unit configured to detect unauthorized access to one or more information processing apparatuses that are virtually implemented by virtual machines executed by a computer; an authorized network configured to transfer authorized access to the one or more information processing apparatuses from an external network; a honeypot network configured to transfer unauthorized access to the information processing apparatuses from the external network; and a control unit configured to connect the information processing apparatuses for which no unauthorized access has been detected to the authorized network, and connect the information processing apparatuses for which unauthorized access has been detected to the honeypot network; wherein the control unit shifts, in response to detecting unauthorized access by the detection unit, the corresponding information processing apparatus into a decoy mode in which the detected unauthorized access is disconnected from a normal operation.
    Type: Application
    Filed: July 27, 2012
    Publication date: November 22, 2012
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Seiji Munetoh, Akira Ohkado, Yukihiko Sohda, Masami Tada
  • Publication number: 20120254951
    Abstract: A system includes a detection unit configured to detect unauthorized access to one or more information processing apparatuses that are virtually implemented by virtual machines executed by a computer; an authorized network configured to transfer authorized access to the one or more information processing apparatuses from an external network; a honeypot network configured to transfer unauthorized access to the information processing apparatuses from the external network; and a control unit configured to connect the information processing apparatuses for which no unauthorized access has been detected to the authorized network, and connect the information processing apparatuses for which unauthorized access has been detected to the honeypot network; wherein the control unit shifts, in response to detecting unauthorized access by the detection unit, the corresponding information processing apparatus into a decoy mode in which the detected unauthorized access is disconnected from a normal operation.
    Type: Application
    Filed: March 14, 2012
    Publication date: October 4, 2012
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Seiji Munetoh, Akira Ohkado, Yukihiko Sohda, Masami Tada
  • Publication number: 20120210158
    Abstract: An anomaly detection mechanism is provided that detects an anomaly in a control network, and includes an identifying unit to receive event information on an event that occurs, and to identify a group including a resource related to the event information by referring to a configuration management database for retaining dependence relationships between processes and resources including a control system; a policy storing unit to store one or more policies each of which associates one or more actions with a condition defining a situation suspected to have an anomaly; an adding unit to acquire group-related information needed for application to the one or more policies, and to add the acquired information to the event information; and a determining unit to apply the event information to the one or more policies and to determine the one or more actions associated with the matched condition as one or more actions to be taken.
    Type: Application
    Filed: February 3, 2012
    Publication date: August 16, 2012
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Kazuhito Akiyama, Akira Ohkado, Yukihiko Sohda, Masami Tada, Tadashi Tsumura
  • Publication number: 20120209411
    Abstract: A mechanism is provided for effectively detecting an abnormality occurring in a control system and isolating the control system in which abnormality is acknowledged. The mechanism receives, from one or more control systems in the plurality of control systems, respective abnormality notifications for respective counter control systems to be monitored by the plurality of control systems. The mechanism adds up abnormality notifications transmitted from respective monitoring sections of the plurality of control systems so as to evaluate the reputation of a control system suspected to have an abnormality. The mechanism causes a protected area for operating the control system suspected to have an abnormality to restrict outbound traffic from at least the inside of the protected area, when an indication is identified that the control system is abnormal according to criteria from a result of the evaluation.
    Type: Application
    Filed: February 3, 2012
    Publication date: August 16, 2012
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Akira Ohkado, Yukihiko Sohda, Masami Tada, Tadashi Tsumura
  • Publication number: 20120144466
    Abstract: Disclosed embodiments include a method for receiving, at a configuration information server, an encrypted password associated with a configuration item, where the encrypted password is encrypted using an encryption key. The method further includes encrypting a decrypted password to generate a reencrypted password, where the decrypted password is derived from the encrypted password. The method further includes transmitting the reencrypted password to the configuration item and removing the decrypted password from the configuration information collection server.
    Type: Application
    Filed: February 14, 2012
    Publication date: June 7, 2012
    Applicant: International Business Machines Corporation
    Inventor: Akira Ohkado
  • Publication number: 20120095797
    Abstract: A method of managing an access right to at least one asset associated with at least one digital work order, to at least one first element associated with the at least one asset, or to at least one second element associated with an access path to the at least one asset or the first element, and relates to a system and a computer program for the same.
    Type: Application
    Filed: September 27, 2011
    Publication date: April 19, 2012
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Yasutaka Nishimura, Akira Ohkado, Tadashi Tsumura
  • Publication number: 20120095926
    Abstract: A method, system and computer program of managing an access right to at least one asset associated with at least one digital work order, or to at least one element associated with the asset, and provides a system and a computer program for the same. The method includes the steps of: loading a security policy associated with the work order, the asset, or the element; starting to monitor location information of the asset or the element and a moving object, or an elapsed time of the moving object at the location; and issuing an event for managing the asset, the element or the moving object in response to the start of the work order or in response to the fact that the loaded security policy is violated by any of the locations, a change in the location, or the elapsed time at the location obtained by the monitoring.
    Type: Application
    Filed: September 21, 2011
    Publication date: April 19, 2012
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Yasutaka Nishimura, Takashi Ogura, Akira Ohkado, Tadashi Tsumura
  • Publication number: 20120072318
    Abstract: Deterioration of service quality due to shortage of resources and/or increased cost of support due to excessive resources is minimized in the case where the amount of requested services may change in cloud computing. Provided are mechanisms for executing a process specified by a user in a cloud computing environment and charging the user for the process. The mechanisms include a receiving part for receiving an instruction to execute the specified process and a determining part for determining an external resource to provision from a first other computer system for a charge. The mechanisms further comprise an external resource securing part for securing the external resource on the first other computer system and an executing part for causing the external resource to execute at least a part of the specified process.
    Type: Application
    Filed: May 12, 2010
    Publication date: March 22, 2012
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Kazuhito Akiyama, Kazuo Iwano, Akira Ohkado, Tadashi Tsumura