Abstract: A method, computer program product and system for generating false data for suspicious users. A suspicious user is identified. Actions of the user are then tracked. The user attempting to access sensitive information is detected. Relevant false sensitive information corresponding to the sensitive information is then detected. The relevant false sensitive information is then mapped to the sensitive information. The relevant false sensitive information is provided to the suspicious user. In response to user input, at least one command is executed, where the at least one command includes the relevant false sensitive information and not the sensitive information.

Abstract: A method, computer program product and system for preventing unauthorized access of confidential information. The transmission of data from a first user to a second user is detected. An authorization level corresponding to the second user is then determined. Furthermore, a probability that the authorization level corresponding to the second user and the data is accurate is generated. Additionally, a determination is made that the data includes sensitive information that the second user is not authorized to access based on the authorization level. Moreover, the data can be modified based on the probability, where the data is to be redacted if the probability is within a range of a threshold value or the data is to be blocked from transmission if the probability is above the range.

Abstract: A computer-implemented method is provided. The method may include determining a behavioral pattern of a user based on historical data access events and historical data access conditions corresponding to the historical data access events, wherein the data access events are associated with a computer enterprise system. A data access request from the user with respect to a secure resource may be received from a computing node connected to the computer enterprise system. A behavioral state of the user may be determined with respect to the data access request and data access conditions corresponding to the data access request. A discrepancy between the behavioral pattern and the behavioral state of the user may be detected. A security risk level may be determined based on the discrepancy. In response to determining that the security risk level exceeds a predetermined threshold, a security action may be performed with respect to the secure resource.

Abstract: Data lineage including a plurality of levels can be received. A configuration also can be received. A three dimensional (3D) virtual reality (VR) model can be built, the 3D VR model including a plurality of floors based on data lineage content corresponding to the plurality of levels and the configuration. The 3D VR model can depict, on at least a first of the plurality of floors, a plurality of rooms of a virtual building representing data elements and hallways of the building representing data flows between data elements. A view of the 3D VR model can be displayed on a display device, wherein the 3D VR model is configured for a user to navigate the plurality of the rooms and hallways of the virtual building to determine lineage of data.

Abstract: A method, computer program product and system for generating false data for suspicious users. A suspicious user is identified. Actions of the user are then tracked. The user attempting to access sensitive information is detected. Relevant false sensitive information corresponding to the sensitive information is then detected. The relevant false sensitive information is then mapped to the sensitive information. The relevant false sensitive information is provided to the suspicious user. In response to user input, at least one command is executed, where the at least one command includes the relevant false sensitive information and not the sensitive information.

Abstract: A method, computer program product and system for generating false data for suspicious users. A suspicious user is identified. Actions of the user are then tracked. The user attempting to access sensitive information is detected. Relevant false sensitive information corresponding to the sensitive information is then detected. The relevant false sensitive information is then mapped to the sensitive information. The relevant false sensitive information is provided to the suspicious user. In response to user input, at least one command is executed, where the at least one command includes the relevant false sensitive information and not the sensitive information.

Abstract: Receiving contextual data including a facial movement associated with an active document. A response associated with the active document is detected and associated with the received contextual data. A contextual metadata tag is generated based on the detected response to the active document. A contextual keyword is created that corresponds to the contextual metadata tag. Search results received in response to the query are filtered based on the contextual metadata tag.

Abstract: Disclosed embodiments provide techniques for accessing a document from a cloud storage system and controlling the display of sensitive data within the document based on user permissions. One or more restricted information segments are identified within a document to be stored on the cloud storage system. Restricted information segments can include anything within an electronic file for which it is desired to provide multiple levels of access. In some embodiments, the restricted information segments are automatically identified via computer-implemented natural language processing (NLP) techniques. For each restricted information segment, one or more alternative data sequences are generated. The alternative data sequences are encrypted using various keys residing on a client device associated with a user. The keys can be used to decrypt data stored within a multiple-value encrypted field structure.

Abstract: Embodiments of the present invention disclose methods and systems which receive a user credential corresponding to a user, a task to be performed by the user, a security policy including a user role, and sensitive information. These methods and systems dynamically provision virtual machines including un-redacted information from received sensitive information. Furthermore, a set of tools process the redacted information, based on the user credential, the task to be performed, and the security policy.

Abstract: An example system includes a processor to monitor a data asset and associated access policies to be synchronized to detect a trigger. The processor is to also request and receive data lineage information on the monitored data asset in response to detecting the trigger. The processor is to further detect a source system and a target system based on the data lineage information. The processor is also to query an access policy of the source system and an access policy of the target system. The processor is to merge the access policy of the source system and the access policy of the target system based on a predetermined merger configuration to generate a merged access policy. The processor is to update a monitoring system based on the merged access policy.

Abstract: A method, computer program product and system for generating false data for suspicious users. A suspicious user is identified. Actions of the user are then tracked. The user attempting to access sensitive information is detected. Relevant false sensitive information corresponding to the sensitive information is then detected. The relevant false sensitive information is then mapped to the sensitive information. The relevant false sensitive information is provided to the suspicious user. In response to user input, at least one command is executed, where the at least one command includes the relevant false sensitive information and not the sensitive information.

Abstract: Disclosed herein is a system and method that can retrieve, via a file monitor, a file and policy data from a case management system or a content management system, wherein the file and the policy data are retrieved in response to detecting a user request for the file. A processor can also modify, via the file monitor, access to the file based on the policy data, and intercept a plurality of document management instructions executed with the file. The processor can also detect at least one of the document management instructions is a malicious action, wherein the malicious action is detected based on the policy data, wherein the policy data is updated in response to detecting each of the document management instructions. Additionally, the processor can execute a policy instruction to prevent execution of the at least one document management instruction.

Abstract: A method, computer program product and system for generating false data for suspicious users. A suspicious user is identified. Actions of the user are then tracked. The user attempting to access sensitive information is detected. Relevant false sensitive information corresponding to the sensitive information is then detected. The relevant false sensitive information is then mapped to the sensitive information. The relevant false sensitive information is provided to the suspicious user. In response to user input, at least one command is executed, where the at least one command includes the relevant false sensitive information and not the sensitive information.

Abstract: Disclosed embodiments provide techniques for accessing a document from a cloud storage system and controlling the display of sensitive data within the document based on user permissions. One or more restricted information segments are identified within a document to be stored on the cloud storage system. Restricted information segments can include anything within an electronic file for which it is desired to provide multiple levels of access. In some embodiments, the restricted information segments are automatically identified via computer-implemented natural language processing (NLP) techniques. For each restricted information segment, one or more alternative data sequences are generated. The alternative data sequences are encrypted using various keys residing on a client device associated with a user. The keys can be used to decrypt data stored within a multiple-value encrypted field structure.

Abstract: A method, computer program product and system for preventing unauthorized access of confidential information. The transmission of data from a first user to a second user is detected. An authorization level corresponding to the second user is then determined. Furthermore, a probability that the authorization level corresponding to the second user and the data is accurate is generated. Additionally, a determination is made that the data includes sensitive information that the second user is not authorized to access based on the authorization level. Moreover, the data can be modified based on the probability, where the data is to be redacted if the probability is within a range of a threshold value or the data is to be blocked from transmission if the probability is above the range.

Abstract: Data lineage including a plurality of levels can be received. A configuration also can be received. A three dimensional (3D) virtual reality (VR) model can be built, the 3D VR model including a plurality of floors based on data lineage content corresponding to the plurality of levels and the configuration. The 3D VR model can depict, on at least a first of the plurality of floors, a plurality of rooms of a virtual building representing data elements and hallways of the building representing data flows between data elements. A view of the 3D VR model can be displayed on a display device, wherein the 3D VR model is configured for a user to navigate the plurality of the rooms and hallways of the virtual building to determine lineage of data.

Abstract: A method, computer program product and system for preventing unauthorized access of confidential information. The transmission of data from a first user to a second user is detected. An authorization level corresponding to the second user is then determined. Furthermore, a probability that the authorization level corresponding to the second user and the data is accurate is generated. Additionally, a determination is made that the data includes sensitive information that the second user is not authorized to access based on the authorization level. Moreover, the data can be modified based on the probability, where the data is to be redacted if the probability is within a range of a threshold value or the data is to be blocked from transmission if the probability is above the range.

Abstract: A computer-implemented method is provided. The method may include determining a behavioral pattern of a user based on historical data access events and historical data access conditions corresponding to the historical data access events, wherein the data access events are associated with a computer enterprise system. A data access request from the user with respect to a secure resource may be received from a computing node connected to the computer enterprise system. A behavioral state of the user may be determined with respect to the data access request and data access conditions corresponding to the data access request. A discrepancy between the behavioral pattern and the behavioral state of the user may be detected. A security risk level may be determined based on the discrepancy. In response to determining that the security risk level exceeds a predetermined threshold, a security action may be performed with respect to the secure resource.

Abstract: An example system includes a processor to receive data lineage including a plurality of levels, and a configuration. The processor is to also build a three dimensional (3D) virtual reality (VR) model including a first floor based on data lineage content corresponding to a first level of the plurality of levels and the configuration. The processor is to further display a view of the 3D VR model.

Abstract: Embodiments of the present invention disclose a method, computer program product, and system for text author anonymization for de-identification of written text. This may be used to replace written text after learning text author writing characteristics, such frequently written terms, grammar patterns, grammar errors, and writing tone. Portions of the written text which may identify the text author may be replaced, for example the text author writing characteristics, social status, geographical location, and specific organization.