The present invention relates to a system and method for managing multi-zone information.
The development of the Internet has seen more and more users adopt it as a means to conveniently transfer data. These users may be government officials, academic researchers, business employees or lone individuals. Business organizations may also use the Internet as a means of communication between the parent company and its affiliated members.
However, the parent company cannot monitor and secure all sensitive information residing in its affiliates. There is no way of knowing when an employee of an affiliated company sends confidential information to a competitor via the Internet. The leaked information may result in a significant financial loss to the organization.
Therefore, what is needed is a system and method for managing multi-zone information, i.e., controlling information that resides across a wide geographical area.
A system for managing multi-zone information is provided. The system includes: an information security management console (ISMC), a plurality of information security execution centers (ISECs), and a plurality of information security protection cells (ISPCs). The ISMC includes: an information security strategy defining module for defining a plurality of information security strategies files (ISSfiles) within the ISMC; an information security passport generating module for integrating the plurality of ISSfiles to generate an information security passport file (ISPfile); and an information security passport sending module for sending the ISPfile to each corresponding ISEC. Each ISEC includes: an information security passport receiving module for receiving the ISPfile from the information security passport sending module; and an information security passport distributing module for distributing the ISPfile to each corresponding ISPC. Each ISPC includes: an information security strategy executing module for executing the ISPfile distributed from the information security passport distributing module.
A method for managing multi-zone information is provided. The method includes the steps of: defining a plurality of information security strategies files (ISSfiles) within an Information Security Management Console (ISMC); integrating the plurality of ISSfiles to generate an information security passport file (ISPfile); distributing the ISPfile to each of a plurality of corresponding Information Security Protection Cells (ISPCs); and executing the ISPfile.
Other advantages and novel features of the embodiments will be drawn from the following detailed description with reference to the attached drawings, in which:
The data transfer link 40, which may be a router, is a means for transferring information data within the system.
The ISMC 10 may be a server or a personal computer. Typically, the ISMC 10 includes: an information security strategy defining module 101, an information security passport generating module 102, an information security passport sending module 103, and an information security report forms generating module 104. The information security strategy defining module 101 is used for defining a plurality of information security strategies files (ISSfiles). The information security passport generating module 102 is used for integrating the plurality of ISSfiles to generate an information security passport file (ISPfile). The information security passport sending module 103 is used for sending the ISPfile to each ISEC 20 via the data transfer link 40. The information security report forms generating module 104 is used for generating information security report forms and security alarm signals for a corresponding information administrator after receiving security information data transmitted from each ISEC 20 via the data transfer link 40. An information security strategy is a way or means by which each ISPC 30 restricts users' activities. For example, by defining a plurality of information security strategies, the ISPC 30 can control network access, record users' activities, and so on.
The ISEC 20 may be a server or a personal computer. Typically, the ISEC 20 includes: an information security passport receiving module 201, an information security passport distributing module 202, and an information security processing module 203. The information security passport receiving module 201 is used for receiving the ISPfile from the information security passport sending module 103 via the data transfer link 40. The information security passport distributing module 202 is used for distributing the ISPfile to the corresponding ISPCs 30. The information security processing module 203 is used for receiving the security information data transmitted from each of the corresponding ISPCs 30, and transmitting the security information data to the ISMC 10 via the data transfer link 40.
The ISPC 30 may be a microcomputer or a notebook computer. Typically, the ISPC 30 includes: an information security strategy executing module 301 for executing the ISPfile that is distributed by the information security passport distributing module 202 via the data transfer link 40, and an information security collecting module 302 for collecting security information data when the information security strategy executing module 301 is executing the ISPfile, and for transmitting the security information data to the ISEC 20.
The implementation of the system can be better illustrated by the following example. A parent company management system for managing its affiliates' information security can allocate a main server in the parent company, a plurality of branch servers in the affiliates, and a plurality of microcomputers for employees of the affiliates. The main server manages the plurality of branch servers, and each branch server manages the microcomputers. Therefore, the parent company can supervise the microcomputers of its affiliates' employees via the main server. For example, if the parent company defines two information security strategies files, one disallowing employees of its affiliates the use of Windows Messenger and one banning the use of e-mail, the main server of the parent company integrates the two ISSfiles into an ISPfile, and sends the ISPfile to the branch servers of its affiliated companies. The branch servers of the affiliates distribute the ISPfile to each employee's microcomputer. Each employee's microcomputer then executes the ISPfile, thereby disallowing the use of Windows Messenger and banning the use of e-mail. The main server of the parent company is analogous to the ISMC 10 of the system. Similarly, the branch server of the affiliate is analogous to the ISEC 20 of the system, and the microcomputer of the employees is analogous to the ISPC 30 of the system.
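The parent-company example above, modelled as an added Python example that is not part of the patent: two ISSfiles are integrated into one ISPfile, distributed through an ISEC to two ISPCs, executed, and the collected security data is relayed back toward the ISMC. The JSON ISPfile layout, the `deny` action, the default-allow and later-file-wins rules, and all class, user and host names are assumptions, since the patent does not specify a file format.

```python
import json

def generate_isp_file(iss_files):
    """ISMC module 102: integrate several ISSfiles into one ISPfile."""
    rules = {}
    for iss in iss_files:
        for rule in iss["rules"]:
            # Assumed conflict policy: a later ISSfile overrides an earlier one.
            rules[rule["target"]] = rule["action"]
    return json.dumps({"rules": rules}, sort_keys=True)

class ISPC:
    """Protection cell: executes the ISPfile (301), collects security data (302)."""
    def __init__(self, name):
        self.name, self.rules, self.events = name, {}, []
    def execute(self, isp_file):
        self.rules = json.loads(isp_file)["rules"]
    def request(self, user, target):
        # Assumed default: anything not explicitly denied is allowed.
        allowed = self.rules.get(target, "allow") != "deny"
        if not allowed:
            self.events.append({"cell": self.name, "user": user, "target": target})
        return allowed
    def collect(self):
        events, self.events = self.events, []
        return events

class ISEC:
    """Execution center: receives (201), distributes (202), relays data (203)."""
    def __init__(self, name, cells):
        self.name, self.cells = name, cells
    def receive_and_distribute(self, isp_file):
        for cell in self.cells:
            cell.execute(isp_file)
    def process(self):
        return [dict(e, center=self.name) for c in self.cells for e in c.collect()]

def run_example():
    # Constructed ISSfiles matching the two strategies in the text.
    iss_files = [
        {"rules": [{"target": "windows_messenger", "action": "deny"}]},
        {"rules": [{"target": "email", "action": "deny"}]},
    ]
    isp_file = generate_isp_file(iss_files)           # ISMC module 102
    pc1, pc2 = ISPC("pc-1"), ISPC("pc-2")
    branch = ISEC("branch-a", [pc1, pc2])
    branch.receive_and_distribute(isp_file)           # ISMC module 103 -> ISEC
    results = [pc1.request("alice", "email"), pc1.request("alice", "web"),
               pc2.request("bob", "windows_messenger")]
    return results, branch.process()                  # input to ISMC module 104
```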
Although the present invention has been specifically described on the basis of a preferred embodiment and preferred method, the invention is not to be construed as being limited thereto. Various changes or modifications may be made to the embodiment and method without departing from the scope and spirit of the invention.
Number | Date | Country | Kind |
---|---|---|---|
94111163 | Apr 2005 | TW | national |