Machine learned model for generating opinionated threat assessments of security vulnerabilities
US-2024411898-A1 · Dec 12, 2024 · US
Data processing systems for identifying, assessing, and remediating data processing risks using data modeling techniques
US2021294906A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2021294906-A1 |
| Application number | US-202117334939-A |
| Country | US |
| Kind code | A1 |
| Filing date | May 31, 2021 |
| Priority date | Jun 10, 2016 |
| Publication date | Sep 23, 2021 |
| Grant date | — |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
In various embodiments, a Data Model Adaptive Execution System may be configured to take one or more suitable actions to remediate an identified risk in view of one or more regulations (e.g., one or more legal regulations, one or more binding corporate rules, etc.). For example, in order to ensure compliance with one or more standards related to the collection and/or storage of personal data, an entity may be required to modify one or more aspects of a way in which the entity collects, stores, and/or otherwise processes personal data (e.g., in response to a change in a legal or other requirement). In order to identify whether a particular change or other risk trigger requires remediation, the system may be configured to assess a relevance of the risk posed by the risk and identify one or more processing activities or data assets that may be affected by the risk.
First claim
Opening claim text (preview).
What is claimed is: 1 . A method comprising: identifying, by computing hardware, a potential risk trigger involving data for an entity; determining, by computing hardware, a similar risk trigger, wherein the similar risk trigger is similar to the potential risk trigger and was previously experienced by at least one of the entity or a similarly situated entity; determining, by the computing hardware, a relevance of a risk posed by the potential risk trigger based on the similar risk trigger; identifying, by the computing hardware, a data model based on the data, wherein the data model comprises a representation of a plurality of data assets; analyzing, by the computing hardware, a respective plurality of inventory attributes for each of the plurality of data assets to identify a processing activity associated with a data asset of the plurality of data assets affected by the risk posed by the potential risk trigger; determining, by the computing hardware, whether to perform an action based on the processing activity and the relevance of the risk posed by the potential risk trigger; and responsive to determining to perform the action, having the action performed to remediate the risk posed by the potential risk trigger by the computing hardware. 2 . The method of claim 1 , wherein identifying the data model based on the data comprises identifying the data model based on at least one of the plurality of data assets is used to at least one of process, collect, store, or transfer the data. 3 . The method of claim 1 , wherein analyzing the respective plurality of inventory attributes to identify the processing activity associated with the data asset affected by the risk posed by the potential risk trigger comprises identifying one of the plurality of inventory attributes represents the processing activity and identifying the processing activity involves the data. 4 . The method of claim 1 , wherein the potential risk trigger comprises at least one of a breach of the data or a change in a legal or industry requirement related to the data. 5 . The method of claim 1 , wherein the action comprises at least one of modifying a level of encryption of the data or modifying a permissions for accessing the data. 6 . The method of claim 1 , wherein the action comprises at least one of modifying a source of the data or modifying an amount of time for storing the data. 7 . The method of claim 1 , wherein determining whether to perform the action based on the processing activity and the relevance of the risk posed by the potential risk trigger involves determining whether the relevance of the risk posed by the potential risk trigger satisfies a threshold risk level. 8 . The method of claim 1 , wherein the similarly situated entity comprises an entity having at least one of a same or similar geographic location as the entity, being in a same or similar industry as the entity, being a same or similar size with respect to employees as the entity, or being governed by a same or similar regulation as the entity. 9 . A system comprising: a non-transitory computer-readable medium storing instructions; and a processing device communicatively coupled to the non-transitory computer-readable medium, wherein, the processing device is configured to execute the instructions and thereby perform operations comprising: identifying a potential risk trigger involving data for an entity; determining a relevance of a risk posed by the potential risk trigger based on at least one of an amount of the data affected by the risk posed by the potential risk trigger or a type of the data affected by the risk posed by the potential risk trigger; identifying a data model based on the data, wherein the data model comprises a representation of a data asset; analyzing a plurality of inventory attributes for the data asset to identify a processing activity associated with the data asset affected by the risk posed by the potential risk trigger; determining whether to perform an action based on the processing activity and the relevance of the risk posed by the potential risk trigger; and responsive to determining to perform the action, having the action performed to remediate the risk posed by the potential risk trigger. 10 . The system of claim 9 , wherein identifying the data model based on the data comprises identifying the data model based on the data asset is used to at least one of process, collect, store, or transfer the data. 11 . The system of claim 9 , wherein analyzing the plurality of inventory attributes for the data asset to identify the processing activity associated with the data asset affected by the risk posed by the potential risk trigger comprises identifying one of the plurality of inventory attributes represents the processing activity and identifying the processing activity involves the data. 12 . The system of claim 9 , wherein determining the relevance of the risk posed by the potential risk trigger involves: determining a similar risk trigger, wherein the similar risk trigger is similar to the potential risk trigger and was previously experienced by at least one of the entity or a similarly situated entity; and determining the at least one of the amount of the data affected by the risk posed by the potential risk trigger or the type of the data affected by the risk posed by the potential risk trigger based on an amount of data affected by a risk posed by the similar risk trigger or a type of the data affected by the risk posed by the similar risk trigger. 13 . The system of claim 9 , wherein the potential risk trigger comprises at least one of a breach of the data or a change in a legal or industry requirement related to the data. 14 . The system of claim 9 , wherein the action comprises at least one of modifying a level of encryption of the data or modifying a permissions for accessing the data. 15 . The system of claim 9 , wherein the action comprises at least one of modifying a source of the data or modifying an amount of time for storing the data. 16 . The system of claim 9 , wherein determining whether to perform the action based on the processing activity and the relevance of the risk posed by the potential risk trigger involves determining whether the relevance of the risk posed by the potential risk trigger satisfies a threshold risk level. 17 . A non-transitory computer-readable medium storing computer-executable instructions that, when executed by processing hardware, configure the processing hardware to perform operations comprising: identifying a potential risk trigger involving data for an entity; determining a similar risk trigger, wherein the similar risk trigger is similar to the potential risk trigger and was previously experienced by at least one of the entity or a similarly situated entity; determining a relevance of a risk posed by the potential risk trigger based on the similar risk trigger; analyzing a plurality of inventory attributes found in a data model representing a data asset associated with the data to identify a processing activity associated with the data asset affected by the risk posed by the potential risk trigger; and determining whether to perform an action based on the processing activity and the relevance of the risk posed by the potential risk trigger, wherein responsive to determining to perform the action, the action is performed to remediate the risk posed by the potential risk trigger. 18 . The non-transitory computer-readable medium of claim 17 , wherein analyzing the plurality of invent
Assignees
Inventors
Classifications
- G06F21/577Primary
Assessing vulnerabilities and evaluating computer system security · CPC title
Vulnerability analysis · CPC title
Presentation of query results · CPC title
Entity profiles · CPC title
by securing the transmission between two devices or processes · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US2021294906A1 cover?
- In various embodiments, a Data Model Adaptive Execution System may be configured to take one or more suitable actions to remediate an identified risk in view of one or more regulations (e.g., one or more legal regulations, one or more binding corporate rules, etc.). For example, in order to ensure compliance with one or more standards related to the collection and/or storage of personal data, a…
- Who is the assignee on this patent?
- Onetrust Llc
- What technology area does this patent fall under?
- Primary CPC classification G06F21/577. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Thu Sep 23 2021 00:00:00 GMT+0000 (Coordinated Universal Time) (A1). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).