Abstract: Methods and apparatuses are described for enterprise access control governance in a computerized information technology (IT) architecture. A server generates a first vector space, each node in the first space representing a user of resources in the IT architecture and including attributes of the user. The server generates a second vector space, each node in the second space representing an entitlement to access resources in the IT architecture and including attributes of the entitlement. The server creates an entitlement utility matrix by mapping nodes in the first space to nodes in the second space. The server determines a set of recommended entitlements for a plurality of users based upon the utility matrix. The server determines a discrepancy between the set of recommended entitlements for a first user and a set of existing entitlements for the first user and adjusts the set of existing entitlements based upon the discrepancy.

Abstract: Methods and apparatuses are described for enterprise access control governance in a computerized information technology (IT) architecture. A server generates a first vector space, each node in the first space representing a user of resources in the IT architecture and including attributes of the user. The server generates a second vector space, each node in the second space representing an entitlement to access resources in the IT architecture and including attributes of the entitlement. The server creates an entitlement utility matrix by mapping nodes in the first space to nodes in the second space. The server determines a set of recommended entitlements for a plurality of users based upon the utility matrix. The server determines a discrepancy between the set of recommended entitlements for a first user and a set of existing entitlements for the first user and adjusts the set of existing entitlements based upon the discrepancy.

Abstract: Methods and apparatuses are described for enterprise access control governance in a computerized information technology (IT) architecture. A server generates a first vector space, each node in the first space representing a user of resources in the IT architecture and including attributes of the user. The server generates a second vector space, each node in the second space representing an entitlement to access resources in the IT architecture and including attributes of the entitlement. The server creates an entitlement utility matrix by mapping nodes in the first space to nodes in the second space. The server determines a set of recommended entitlements for a plurality of users based upon the utility matrix. The server determines a discrepancy between the set of recommended entitlements for a first user and a set of existing entitlements for the first user and adjusts the set of existing entitlements based upon the discrepancy.

Abstract: Embodiments of the invention relate to systems, methods, and computer program products for monitoring and/or controlling access to entitlements. For example, in one embodiment a computer program product is configured to periodically examine the members of a particular community in an organization and automatically identify members in the community that have access to software applications, datasets, or other organizational resources that are uncommon in the community, which may indicate that the member should not have access to the such resources. The computer program product of embodiments of the invention is also configured to automatically and periodically determine the resources that members of the same community should all probably have access to. As such, embodiments of the present invention allow an organization to more efficiently monitor and control access to its resources and other entitlements.

Abstract: Apparatus and method for managing risk in an environment where information is received regarding a problem in an environment. A security risk is analyzed associated with the problem. Controls associated with the environment containing the problem are analyzed. A framework is generated defining one or more controls for mitigating the security risk responsive to the analyzed security risk and controls.

Abstract: Embodiments of the present invention are directed to methods, systems and computer program products for a control transparency framework which is, in one embodiment, a transparent (i.e. easy to understand) and actionable risk/reward approach for organizational processes, controls, training and development. The control transparency framework method includes identifying threats to an organization, developing a risk score for each of the threats to develop a threat portfolio, developing a maturity portfolio, developing a control portfolio, determining a gap portfolio, and developing a control transparency portfolio to close gaps. A gap exists between a target state maturity level of each identified threat and a current maturity level of each control assigned to handle each identified threat, such that the gap occurs if the target state maturity level is at a level that is lower than the control maturity level.

Abstract: A system and method for managing unstructured data that includes identifying at least one unstructured data environment with unstructured data, identifying mitigating controls in each of the unstructured data environments, the mitigating controls reducing a security risk associated with each of the unstructured data environments, and generating at least one process for managing the unstructured data in each of the unstructured data environments, the process including defining mitigating controls for managing the unstructured data in each of the unstructured data environments.

Abstract: Embodiments of the invention relate to systems, methods, and computer program products for monitoring and/or controlling access to entitlements. For example, in one embodiment a computer program product is configured to periodically examine the members of a particular community in an organization and automatically identify members in the community that have access to software applications, datasets, or other organizational resources that are uncommon in the community, which may indicate that the member should not have access to the such resources. The computer program product of embodiments of the invention is also configured to automatically and periodically determine the resources that members of the same community should all probably have access to. As such, embodiments of the present invention allow an organization to more efficiently monitor and control access to its resources and other entitlements.

Abstract: Apparatus and method for managing risk in an environment where information is received regarding a problem in an environment. A security risk is analyzed associated with the problem. Controls associated with the environment containing the problem are analyzed. A framework is generated defining one or more controls for mitigating the security risk responsive to the analyzed security risk and controls.

Abstract: A system and method for managing unstructured data that includes identifying at least one unstructured data environment with unstructured data, identifying mitigating controls in each of the unstructured data environments, the mitigating controls reducing a security risk associated with each of the unstructured data environments, and generating at least one process for managing the unstructured data in each of the unstructured data environments, the process including defining mitigating controls for managing the unstructured data in each of the unstructured data environments.

Abstract: A method for automated risk management may include presenting a rule request graphical user interface (GUI) for a requester to enter information related to a rule request for a rule. The method may also include determining a risk rating score for the rule based on information entered in the rule request GUI. The information may include at least one of source information, destination information, service information and port information.

Abstract: A method for automated risk management may include presenting a rule request graphical user interface (GUI) for a requester to enter information related to a rule request for a rule. The method may also include determining a risk rating score for the rule based on information entered in the rule request GUI. The information may include at least one of source information, destination information, service information and port information.