150 Network Intrusion Prevention Design Guide: Using IBM Security Network IPS
5.4 Functional requirements
As mentioned in 5.1.1, “Current IT infrastructure” on page 138, the cardio
healthcare company has a mature security infrastructure in place to address
compliance needs by using Tivoli Security Information and Event Manager. The
cardio healthcare company also deployed a strong identity and access control
management solution using Tivoli Identity Manager and Tivoli Access Manager.
Governance, change management, and separation of duties are strictly enforced
across the organization.
However, to properly address the new business requirements, the cardio
healthcare company must enhance its security solution infrastructure. The cardio
healthcare company defines the following high-level functional requirements:
To better manage its compliance posture with data privacy laws and industry
regulations, the company must employ a cost-effective centralized
management solution for security configuration policies and audit data. It must
also integrate the proposed new security solution with the existing incident and
problem management solution.
To better protect all patient-related information and to address the diverse
security risks driven by, for example, eHealth initiatives, emerging
technologies, and data explosion, the company must protect against
information leakage. Such leakage might be due to intrusions and zero-day
attacks. The company must also protect its critical servers with additional
layers of intrusion prevention.
To improve the quality and availability of patient care and satisfaction by
delivering an excellent, individualized healthcare experience, and to increase
caregiver productivity and reduce administrative costs, the company must
address unavoidable delays in the IT change management processes. This
requirement will help to improve the security posture of the servers of the
company and of all nonstandard (embedded) operating systems of medical
appliances that are connected to the network.
In addition to these distinct functional requirements, which are in line with the
business requirements, the cardio healthcare company has additional, more
general functional requirements that must be examined:
Respond more in real time to intrusion detection and prevention (blocking).
Detect and, if possible, automatically counteract detected attacks.
Provide a solution that is more proactive toward security threats.
The cardio healthcare company already uses some solutions to identify and
eliminate security threats that enable attacks against systems, applications, and