| CPC G06F 21/552 (2013.01) [G06F 21/54 (2013.01); G06F 21/554 (2013.01)] | 6 Claims |

|
1. A security policy and audit log two-way inquiry, collation, and tracking system comprising:
a security policy setting unit configured to record a security policy in an integrated security policy history database (DB) by assigning policy identification information whenever the security policy is generated and changed, manage the security policy, and transmit security policy information to a security software agent, wherein the policy identification information includes a security policy identification (ID) or includes the security policy ID and policy configuration information;
the security software agent configured to apply the security policy received by the security policy setting unit and generate an audit log by including the security policy ID or the policy configuration information related to the generated log in the log information when a log complying with the security policy or a log violating the security policy is generated;
an audit log collection unit configured to collect the audit log generated by the security software agent, extract the security policy ID or the policy configuration information from the audit log, map the collected audit log to the policy identification information by setting the security policy ID or the policy configuration information as the policy identification information, and record the mapped audit log and policy identification information in an audit log DB; and
a two-way inquiry tracking unit configured to inquire, collate and track the audit log related to the security policy, and inquire, collate, and track the security policy related to the audit log by comparing the policy identification information recorded in the integrated security policy history DB with the policy identification information recorded in the audit log DB,
wherein, in a case in which the security policy ID is recorded in the collected audit log, the audit log collection unit extracts the security policy ID and uses the security policy ID as the policy identification information, and in a case in which the security policy ID is not recorded in the collected audit log, the audit log collection unit extracts the policy configuration information, inquires the integrated security policy history DB by using the policy configuration information, obtains the security policy ID, and uses the security policy ID as the policy identification information,
wherein the security policy setting unit generates the policy configuration information that includes the security policy ID capable of uniquely identifying the security policy or includes the security policy ID and the multiple items, maps the security policy ID and the security policy, or maps the policy configuration information including the security policy ID and the multiple items with the security policy, and records the mapped security policy ID and security policy, or records the mapped policy configuration information and security policy in the integrated security policy history DB,
wherein the security policy setting unit collects the security policy which is predetermined such that the security policy ID of the security software agent is not assigned to the security policy, sets the policy configuration information including the multiple items that include subject information indicating an actor extracted from the security policy or an access path of the actor, object information indicating a target to be accessed through the actor or the access path, action information indicating contents to be executed with respect to the target to be accessed through the actor or the access path, maps the policy configuration information including the security policy ID and the multiple items to the security policy by assigning the security policy ID, and records the mapped policy configuration information and the security policy in the integrated security policy history DB,
wherein the security software agent comprises a first security software agent and a second security software agent, the first security software agent is able to operate based on the security policy ID, and the second security software agent is not able to operate based on the security policy ID,
wherein the security policy setting unit assigns the security policy ID to the security policy of the first security software agent to which the security policy ID is able to be applied, records the security policy and the assigned security policy ID in the integrated security policy history DB, transmits the security policy information including the security policy ID to the first security software agent, sets the policy configuration information with respect to the security policy of the second security software agent to which the security policy ID is not able to be applied, assigns the security policy ID, records the policy configuration information, the security policy, and the assigned security policy ID in the integrated security policy history DB, and transmits the security policy information in which the security policy ID is not included to the second security software agent,
wherein the security software agent searches for a corresponding log from the security policy information received by the security policy setting unit when the log complying with the security policy or the log violating the security policy is generated, in a case in which the corresponding security policy ID of the log is present as a result of the search and the security software agent is a security software including the security policy ID in the log, the security software agent records the audit log by including a character representing an item of the security policy ID and a value of the security policy ID in the log, in text form,
wherein, in a case in which the security software agent is a security software not including the security policy ID, or the security software agent is not including the security policy ID in the log as the security policy ID is not applied to the security policy even though the security software agent is the security software which is capable of including the security policy ID, the security software agent records the audit log by including the policy configuration information that contains a subject information item indicating an actor extracted from the security policy or an access path of the actor, an object information item indicating a target to be accessed through the actor or the access path, an action information item indicating contents to be executed with respect to the target to be accessed through the actor or the access path, and a permission/denial information item indicating whether to permit or deny contents to be executed with respect to the target to be accessed, in the text form for each item, and
wherein the system further comprises an application information setting unit configured to record and manage information including an application ID, applicant information of the security policy, and security policy application contents in an application information DB.
|
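The collection and two-way inquiry behaviour recited in claim 1 (use the security policy ID when the log carries one, otherwise resolve it from the subject, object, action and permission/denial items against the policy history DB), sketched as an added example that is not part of the patent text. The `item=value` log format, field names, policy IDs and sample records are all constructed assumptions.

```python
import re

# Constructed stand-in for the integrated security policy history DB.
POLICY_HISTORY = [
    {"policy_id": "POL-0001", "subject": "group:dba", "object": "db01:orders",
     "action": "select", "permission": "permit"},
    {"policy_id": "POL-0002", "subject": "user:guest", "object": "/etc/shadow",
     "action": "read", "permission": "deny"},
]
CONFIG_ITEMS = ("subject", "object", "action", "permission")
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed audit logs: one from an ID-capable agent, two from an agent without IDs.
SAMPLE_LOGS = [
    "ts=2024-05-01T10:00:00Z agent=dbfw policy_id=POL-0001 result=permit",
    "ts=2024-05-01T10:00:05Z agent=hostac subject=user:guest object=/etc/shadow action=read permission=deny",
    "ts=2024-05-01T10:00:09Z agent=hostac subject=user:bob object=/tmp/x action=write permission=permit",
]

def parse_log(line):
    """Split a text audit log into its item=value pairs."""
    return {k: v.strip('"') for k, v in KV.findall(line)}

def resolve_policy_id(fields, history):
    """Return (policy_id, method): ID from the log if present, else a config lookup."""
    if fields.get("policy_id"):
        return fields["policy_id"], "id-in-log"
    config = tuple(fields.get(k) for k in CONFIG_ITEMS)
    if None in config:
        return None, "unmapped"
    hits = [p["policy_id"] for p in history
            if tuple(p[k] for k in CONFIG_ITEMS) == config]
    if len(hits) == 1:
        return hits[0], "config-lookup"
    # Zero or several matches: record the log without guessing a policy.
    return None, ("ambiguous" if hits else "unmapped")

def collect(lines, history=POLICY_HISTORY):
    """Audit log DB rows: each raw log mapped to its policy identification."""
    rows = []
    for line in lines:
        pid, method = resolve_policy_id(parse_log(line), history)
        rows.append({"policy_id": pid, "resolved_by": method, "raw": line})
    return rows

def logs_for_policy(rows, policy_id):
    """Policy -> logs direction of the two-way inquiry."""
    return [r["raw"] for r in rows if r["policy_id"] == policy_id]

def policy_for_log(row, history=POLICY_HISTORY):
    """Log -> policy direction of the two-way inquiry."""
    return next((p for p in history if p["policy_id"] == row["policy_id"]), None)
```

The `ambiguous` and `unmapped` outcomes are a design choice of this sketch: when the configuration items match no policy or more than one, the log is stored without a policy ID rather than attributed to a guessed policy.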