CPC H04L 63/205 (2013.01) [G06F 3/0482 (2013.01); G06N 5/025 (2013.01); H04L 47/20 (2013.01)] | 20 Claims
1. A computer-implemented method for implementing security policies in a secured network, comprising:
retrieving a set of rules of a security policy, the set of rules of the security policy being used when an individual accesses and uses assets and resources of an organization, the set of rules of the security policy describing intended security access rules relating to information technology (IT) assets of the organization, the security policy being used to deal with potential security risks to the IT assets;
analyzing the set of rules of the security policy using one or more Satisfiability Modulo Theory (SMT) operations to reduce a dimensionality of the security policy;
generating a visual presentation on a user interface using results of the SMT operations, where the visual presentation includes visual indicia representing one or more targeted policy dimensions with respect to one or more fixed policy dimensions;
retrieving a further set of rules of a further security policy;
analyzing the set of rules and the further set of rules to identify one or more rules of the further security policy that are not equivalent to one or more rules of the security policy; and
generating a visual presentation on a user interface showing an impact of differences between the rules of the security policy and the rules set of the further security policy with respect to one or more targeted policy dimensions and one or more fixed policy dimensions.