Abstract: Embodiments of the invention are directed to systems, methods, and computer program products for rapid assessment of cloud frameworks to evaluate those considered for use in an enterprise context. The invention may quickly and consistently identify gaps or weaknesses of cloud frameworks or resources, assess the potential negative impact of such gaps or weaknesses, and facilitate the communication of quantifiable data to responsible parties in order to facilitate the implementation of necessary controls or actions. Embodiments of the invention are highly adaptable and dynamic in fashion such that they can be quickly and easily updated based on the changing needs of the enterprise.

Abstract: Embodiments of the invention are directed to systems, methods, and computer program products for rapid assessment of cloud frameworks to evaluate those considered for use in an enterprise context. The invention may quickly and consistently identify gaps or weaknesses of cloud frameworks or resources, assess the potential negative impact of such gaps or weaknesses, and facilitate the communication of quantifiable data to responsible parties in order to facilitate the implementation of necessary controls or actions. Embodiments of the invention are highly adaptable and dynamic in fashion such that they can be quickly and easily updated based on the changing needs of the enterprise.

Abstract: Systems, computer program products, and methods are described herein for implementing a resource evaluation engine within a technical environment. The present invention is configured to establish a communication link with a technology platform of a third party system; electronically receive, via the communication link, one or more resources associated with the technology platform of the third party system; determine one or more supervisory requirements associated with the entity; determine whether the one or more resources associated with the technology platform meets the one or more supervisory requirements associated with the entity; and validate the technology platform of the third party based on at least determining that the one or more resources associated with the technology platform meets the one or more supervisory requirements associated with the entity.

Abstract: The invention relates to a resource landscape system that allows users to identify issues with elements within the organization and implement changes to the elements utilizing a relational database that utilizes nodes for defining the elements and relationships between the elements. The resource landscape system and applications therein provide a holistic inventory of resources, threat vectors, controls, metrics, policies, rules, and/or the like. The resource landscape system may be implemented through one or more interfaces that allows users to view cross-references of the elements, identify the priority of the elements using the crossed-references, and/or identify element issues in the elements of the organization that could results in threats to the organization. Moreover, the invention allows for receiving changes to one or more of the elements and automatically updating the cross-references of the elements, the priority of the elements, and/or the element issues.

Abstract: A vertically integrated access control system may store in a database data records corresponding to the interfaces, access control rules, and computing resources of an information system, as well as data records for entity capabilities. Data records for related interfaces, access control rules, computing resources, and entity capabilities may be linked. Using the database, the system may determine the entity capabilities that can be performed based on an existing user entitlement. If the entity capabilities include a flagged combination of entity capabilities, the system may perform an information security action to remediate the flagged combination. The system may use the database to form vertically integrated access units. The vertically integrated access units may be used to form user entitlements. The system may continuously monitor whether any proposed configurations would create a flagged combination of entity capabilities, and if so take an action to prevent such flagged combination.

Abstract: A vertically integrated access control system may store in a database data records corresponding to the interfaces, access control rules, and computing resources of an information system, as well as data records for entity capabilities. Data records for related interfaces, access control rules, computing resources, and entity capabilities may be linked. Using the database, the system may determine the entity capabilities that can be performed based on an existing user entitlement. If the entity capabilities include a flagged combination of entity capabilities, the system may perform an information security action to remediate the flagged combination. The system may use the database to form vertically integrated access units. The vertically integrated access units may be used to form user entitlements. The system may continuously monitor whether any proposed configurations would create a flagged combination of entity capabilities, and if so take an action to prevent such flagged combination.

Abstract: The invention provides an interconnected graph database system, method and computer program product structured for identifying and remediating conflicts in resource deployment. In some embodiments, the present invention is configured to identify a source node of a plurality of first nodes of a first graph database system. The source node is typically associated with a first information technology operational activity. In addition, the present invention is configured for determining a lateral relationship between the source node of the first graph database system and a target node of a plurality of second nodes of a second graph database system. Moreover, the present invention is configured for determining that the lateral relationship between the source node and the target node comprises a conflict, and in response, blocking initiation of the first information technology operational activity.

Abstract: A vertically integrated access control system may store in a database data records corresponding to the interfaces, access control rules, and computing resources of an information system, as well as data records for entity capabilities. Data records for related interfaces, access control rules, computing resources, and entity capabilities may be linked. Using the database, the system may determine the entity capabilities that can be performed based on an existing user entitlement. If the entity capabilities include a flagged combination of entity capabilities, the system may perform an information security action to remediate the flagged combination. The system may use the database to form vertically integrated access units. The vertically integrated access units may be used to form user entitlements. The system may continuously monitor whether any proposed configurations would create a flagged combination of entity capabilities, and if so take an action to prevent such flagged combination.

Abstract: A vertically integrated access control system may store in a database data records corresponding to the interfaces, access control rules, and computing resources of an information system, as well as data records for entity capabilities. Data records for related interfaces, access control rules, computing resources, and entity capabilities may be linked. Using the database, the system may determine the entity capabilities that can be performed based on an existing user entitlement. If the entity capabilities include a flagged combination of entity capabilities, the system may perform an information security action to remediate the flagged combination. The system may use the database to form vertically integrated access units. The vertically integrated access units may be used to form user entitlements. The system may continuously monitor whether any proposed configurations would create a flagged combination of entity capabilities, and if so take an action to prevent such flagged combination.

Abstract: The invention relates to a resource landscape system that allows users to identify issues with elements within the organization and implement changes to the elements utilizing a relational database that utilizes nodes for defining the elements and relationships between the elements. The resource landscape system and applications therein provide a holistic inventory of resources, threat vectors, controls, metrics, policies, rules, and/or the like. The resource landscape system may be implemented through one or more interfaces that allows users to view cross-references of the elements, identify the priority of the elements using the crossed-references, and/or identify element issues in the elements of the organization that could results in threats to the organization. Moreover, the invention allows for receiving changes to one or more of the elements and automatically updating the cross-references of the elements, the priority of the elements, and/or the element issues.

Abstract: The present disclosure is directed to a novel system for a multidimensional (or “N-dimensional”) services framework. The framework may be used to evaluate the efficiency and effectiveness of various services along multiple dimensions which may be specified by the system or be added to the framework in the future. By evaluating the various possibilities and opportunities to modify the services as the services reach varying levels of maturity, the services may be compared with one another to establish the relational impacts among the services tracked by the system. Through the use of the N-dimensional framework, an entity may be better able to prioritize resources allocated toward the enhancement of certain evaluated services.

Abstract: A vertically integrated access control system may store in a database data records corresponding to the interfaces, access control rules, and computing resources of an information system, as well as data records for entity capabilities. Data records for related interfaces, access control rules, computing resources, and entity capabilities may be linked. Using the database, the system may determine the entity capabilities that can be performed based on an existing user entitlement. If the entity capabilities include a flagged combination of entity capabilities, the system may perform an information security action to remediate the flagged combination. The system may use the database to form vertically integrated access units. The vertically integrated access units may be used to form user entitlements. The system may continuously monitor whether any proposed configurations would create a flagged combination of entity capabilities, and if so take an action to prevent such flagged combination.

Abstract: A vertically integrated access control system may store in a database data records corresponding to the interfaces, access control rules, and computing resources of an information system, as well as data records for entity capabilities. Data records for related interfaces, access control rules, computing resources, and entity capabilities may be linked. Using the database, the system may determine the entity capabilities that can be performed based on an existing user entitlement. If the entity capabilities include a flagged combination of entity capabilities, the system may perform an information security action to remediate the flagged combination. The system may use the database to form vertically integrated access units. The vertically integrated access units may be used to form user entitlements. The system may continuously monitor whether any proposed configurations would create a flagged combination of entity capabilities, and if so take an action to prevent such flagged combination.

Abstract: A system for identifying anomalies in an information system is typically configured for: collecting information regarding a hierarchy of capabilities, a hierarchy of resources, capability instances, and resource instances of the information system; storing, in a graph database, nodes corresponding to the hierarchy of capabilities, hierarchy of resources, capability instances, and resource instances; collecting information regarding relationships among the hierarchy of capabilities, hierarchy of resources, capability instances, and resource instances; defining, in the graph database, edges corresponding to the relationships among the hierarchy of capabilities, hierarchy of resources, capability instances, and resource instances; collecting event and/or state data for the information system; comparing the event and/or state data to the graph database and determining that an event and/or state is anomalous; and, in response to determining that the event and/or state is anomalous, taking an information security a

Abstract: Systems, computer program products, and methods are described herein for a model framework and system for cyber security services. The present invention is configured to determine one or more access paths to the internal computing device from an external computing device; determine one or more controls associated with each access path; determine one or more types of access that may be made via one or more of the access paths by the external computing device to access the internal computing device; determine whether the one or more controls associated with the at least one of the one or more access paths is capable of detecting the access; determine one or more tools configured to regulate the one or more controls; and incorporate the one or more tools within the network to regulate the one or more controls to detect and monitor the access.

Abstract: Systems, computer program products, and methods are described herein for a model framework and system for cyber security services. The present invention is configured to determine one or more access paths to the internal computing device from an external computing device; determine one or more controls associated with each access path; determine one or more types of access that may be made via one or more of the access paths by the external computing device to access the internal computing device; determine whether the one or more controls associated with the at least one of the one or more access paths is capable of detecting the access; determine one or more tools configured to regulate the one or more controls; and incorporate the one or more tools within the network to regulate the one or more controls to detect and monitor the access.