188 Endpoint Security and Compliance Management Design Guide Using IBM Tivoli Endpoint Manager
5.1 Organization profile
The financial accounting company is a leading financial services organization
with headquarters in London. It operates on the continents of Europe, Asia, and
the Americas. The financial accounting company offers private banking and
insurance products.
The financial accounting company started as a privately held organization and
was acquired by a large universal bank in England. This bank made an initial
public offering for the financial accounting company six months ago on the New
York Stock Exchange.
The financial accounting company is expanding its worlwide operations quickly,
opening many new branch offices in the last two years. The company currently
employs approximately 80,000 employees and 40,000 contractors. The company
provides insurance products to more than 800,000 households and performs
wealth management for more than 135,000 private investors.
5.1.1 Current IT infrastructure
The financial accounting company uses mirrored and resilient data centers in
London for the European and worldwide operations. These centers also host the
mainframe system and a mirrored storage area network (SAN) for 250 TB of
data. The organization hosts a small local data center in each main office on
each continent where it operates. The data centers are in these cities:
Newark to support North American operations
Sao Paulo to support Latin American operations
Taipei to support Asian operations
Zurich, because of the regulatory restrictions in exporting banking customer
data outside of Switzerland
The financial accounting company has four satellite offices to support strategic
sales and geographical expansion:
Toronto, Canada
Tokyo, Japan
Information security sample: In the following sections, we describe
organization information that is relevant to an endpoint security and
compliance management solution. It is not intended to provide a complete
description of the organization, and the subsequent sections do not cover all
necessary activities related to information security in detail.