Abstract: Systems, computer-implemented methods, and computer program products that can facilitate compliance policy management and scheduling are provided. According to an embodiment, a system can comprise a memory that stores computer executable components and a processor that executes the computer executable components stored in the memory. The computer executable components can comprise a policy analyzer component that identifies one or more dependency relationships between a first compliance policy and one or more second compliance policies. The computer executable components can further comprise a scheduler component that generates a policy execution plan based on the one or more dependency relationships.

Abstract: A method provides for controlling compliance remediation that includes performing compliance inspection runs by account nodes for multiple accounts. Inspection results of the inspection runs from each account node are aggregated by an account cognitive policy advisory (CPA) service. The inspection results from each account are aggregated. It is determined whether remediations are required by analyzing the inspection results combined with a current compliance mode of a server. Upon a determination that the current compliance mode of the server is a first mode, the account CPA service determines whether a policy fingerprint has changed. Upon a change to the policy fingerprint, compliance enforcement runs on the account nodes are temporarily suspended.

Abstract: Access is obtained to a plurality of intermediately transformed electronic documents (with a plurality of sections and subsections) which have been transformed, by topical analysis and text summarization techniques, from a plurality of original electronic documents comprising at least some unstructured electronic documents. Audit and retrieval agent code is appended to the sections and subsections to create a plurality of finally transformed electronic documents. Users are allowed to access the finally transformed electronic documents. The users are provided with accountability reminders contemporaneous with the access. The access of the users to the sections and subsections of the finally transformed electronic documents is logged. An audit report is provided based on the logging. Also provided is a cloud service for enterprise-level sensitive data protection with variable data granularity, using one or more one guest virtual machine images.

Abstract: Embodiments relate to an intelligent computer platform to utilize machine learning techniques to minimize compliance risk. Data, collected from a plurality of sources is subject to analysis and correlation to assess impact across data points. The assessment measures impact between at least two different compliance domains, facilitates understanding of cross-impact between compliance domains, and provides an estimation of compliance risk. A recommendation plan for one or more new compliance activities is created and dynamically subject to a machine learning reinforcement algorithm.

Abstract: A system includes a memory that stores computer executable components and neural network data, and a processor executes computer executable components stored in the memory. An assessment component assesses a computer network, and classifies the computer network relative to M network classifications stored in a repository, wherein M is an integer greater than one. A risk component determines risk of vulnerability subject to change impact regarding protection against a computer virus or cyber-attack based on historical information regarding vulnerability exposure and vulnerability remediation changes relative to the classification of the computer network. A recommendation component that generates recommendations and best action to mitigate risk and impact, and remediate the vulnerabilities based on the risk assessment and business priorities.

Abstract: Embodiments relate to an intelligent computer platform to utilize a micro-service architecture that supports secure connection and policy management for devices. The micro-services include managers to support establishment of a secure connection. The managers register devices in the architecture, and define security policies which are encoded as rules. The policies and corresponding rules are stored in a knowledge base operatively coupled to the architecture. The patterns of security policies are learned over time and used for recommending new rules or validating existing rules. The managers selectively validate one or more rules that correspond to a setting of a requesting device. The secure connection is established for a network level device determined to comply with one or more of the selectively validated rules.

Abstract: A method forms a key pair for a user. The key pair has a public key and a private key that is unique to the user and that is encrypted using a passphrase formed from an enterprise password of the user and an identification that uniquely identifies in the enterprise a device by which the user gains access. The method stores the private key in the user device and stores the public key in an enterprise server that is accessed by the user. The method provides the private key from the user device to a client, such as a SSH client, in conjunction with the password and the identification, decrypts the private key to obtain the decrypted password and the identification, and allows the user to access the enterprise server only if the decrypted password and the identification match the password and the identification provided with the private key.

Abstract: A system includes a memory that stores computer executable components and neural network data, and a processor executes computer executable components stored in the memory. An assessment component assesses a computer network, and classifies the computer network relative to M network classifications stored in a repository, wherein M is an integer greater than one. A risk component determines risk of vulnerability subject to change impact regarding protection against a computer virus or cyber-attack based on historical information regarding vulnerability exposure and vulnerability remediation changes relative to the classification of the computer network. A recommendation component that generates recommendations and best action to mitigate risk and impact, and remediate the vulnerabilities based on the risk assessment and business priorities.

Abstract: A method forms a key pair for a user. The key pair has a public key and a private key that is unique to the user and that is encrypted using a passphrase formed from an enterprise password of the user and an identification that uniquely identifies in the enterprise a device by which the user gains access. The method stores the private key in the user device and stores the public key in an enterprise server that is accessed by the user. The method provides the private key from the user device to a client, such as a SSH client, in conjunction with the password and the identification, decrypts the private key to obtain the decrypted password and the identification, and allows the user to access the enterprise server only if the decrypted password and the identification match the password and the identification provided with the private key.

Abstract: An assessment component that facilitates assessment and enforcement of policies within a computer environment can comprise a compliance component that determines whether a policy, that defines one or more requirements associated with usage of one or more enterprise components of an enterprise computing system, is in compliance with a plurality of standardized policies that govern operation of the one or more enterprise components of the enterprise computing system. The assessment component can also comprise a policy optimization component that determines one or more changes to the policy that achieve the compliance with the plurality of standardized polices based on a determination that the policy complies with a first standardized policy of the plurality of standardized policies and fails to comply with a second standardized policy of the plurality of standardized policies.

Abstract: Users of an endpoint remediation system can be assigned to different roles, from which they can request exceptions, approve exceptions, and/or enable remediation on endpoint devices. The compliance scanning and enforcing process can be automated, while allowing entities to request and/or approve certain exceptions. Therefore, security compliance for customers can be actively managed to provide visibility to the endpoint device compliance state at any time.

Abstract: Users of an endpoint remediation system can be assigned to different roles, from which they can request exceptions, approve exceptions, and/or enable remediation on endpoint devices. The compliance scanning and enforcing process can be automated, while allowing entities to request and/or approve certain exceptions. Therefore, security compliance for customers can be actively managed to provide visibility to the endpoint device compliance state at any time.

Abstract: A method, system, and/or computer program product ensures regulatory compliance during application migration to cloud-based containers. In response to receiving a message directing an application to be migrated to a container cloud, the application is matched to multiple containers described in a container registry, where each container is matched to a service that provides a server. A regulatory rule by which at least one of the server, the application, and requisite containers are governed is identified. In response to detecting a change to at least one of the server, the application, and the requisite containers so that there is noncompliance with a regulatory rule, a chain of compliance services is automatically recomposed using an artificial intelligence planning technology.

Abstract: Access is obtained to a plurality of intermediately transformed electronic documents (with a plurality of sections and subsections) which have been transformed, by topical analysis and text summarization techniques, from a plurality of original electronic documents comprising at least some unstructured electronic documents. Audit and retrieval agent code is appended to the sections and subsections to create a plurality of finally transformed electronic documents. Users are allowed to access the finally transformed electronic documents. The users are provided with accountability reminders contemporaneous with the access. The access of the users to the sections and subsections of the finally transformed electronic documents is logged. An audit report is provided based on the logging. Also provided is a cloud service for enterprise-level sensitive data protection with variable data granularity, using one or more one guest virtual machine images.

Abstract: Access is obtained to a plurality of intermediately transformed electronic documents (with a plurality of sections and subsections) which have been transformed, by topical analysis and text summarization techniques, from a plurality of original electronic documents comprising at least some unstructured electronic documents. Audit and retrieval agent code is appended to the sections and subsections to create a plurality of finally transformed electronic documents. Users are allowed to access the finally transformed electronic documents. The users are provided with accountability reminders contemporaneous with the access. The access of the users to the sections and subsections of the finally transformed electronic documents is logged. An audit report is provided based on the logging. Also provided is a cloud service for enterprise-level sensitive data protection with variable data granularity, using one or more one guest virtual machine images.

Abstract: A computer-implemented agent process running on a first computer automatically intercepts a command issued from the first computer to execute on a target computer prior to invocation of the command on the target computer. A server profile built for an application running on the target computer that supports the command may be retrieved. At least based on the server profile a risk enforcement policy is dynamically constructed. Based on the risk enforcement policy, one or more computer-executable enforcement actions to perform prior to sending the command to the target computer for execution is determined. Based on executing of one or more of the computer-executable enforcement actions, the command may be transmitted to execute on the target computer or prevented from executing on the target computer.

Abstract: A computer-implemented agent process running on a first computer automatically intercepts a command issued from the first computer to execute on a target computer prior to invocation of the command on the target computer. A server profile built for an application running on the target computer that supports the command may be retrieved. At least based on the server profile a risk enforcement policy is dynamically constructed. Based on the risk enforcement policy, one or more computer-executable enforcement actions to perform prior to sending the command to the target computer for execution is determined. Based on executing of one or more of the computer-executable enforcement actions, the command may be transmitted to execute on the target computer or prevented from executing on the target computer.

Abstract: A computer implemented method, data processing system, and computer program product control point in time access to a remote client device and auditing system logs of the remote client device by an auditing server device to determine whether monitored user activity on the remote client device associated with a work request was in compliance with one or more regulations.

Abstract: A computer implemented method, data processing system, and computer program product control point in time access to a remote client device and auditing system logs of the remote client device by an auditing server device to determine whether monitored user activity on the remote client device associated with a work request was in compliance with one or more regulations.

Abstract: A computer-implemented agent process running on a first computer automatically intercepts a command issued from the first computer to execute on a target computer prior to invocation of the command on the target computer. A server profile built for an application running on the target computer that supports the command may be retrieved. At least based on the server profile a risk enforcement policy is dynamically constructed. Based on the risk enforcement policy, one or more computer-executable enforcement actions to perform prior to sending the command to the target computer for execution is determined. Based on executing of one or more of the computer-executable enforcement actions, the command may be transmitted to execute on the target computer or prevented from executing on the target computer.