Book description
Security is a major consideration in the way that business and information technology systems are designed, built, operated, and managed. The need to integrate security into those systems, and into the discussions with business functions and operations, is greater than ever.
This IBM® Redbooks® publication explores concerns that characterize security requirements of, and threats to, business and information technology (IT) systems. This book identifies many business drivers that illustrate these concerns, including managing risk and cost, and compliance with business policies and external regulations. This book shows how these drivers can be translated into capabilities and security needs that can be represented in frameworks, such as the IBM Security Blueprint, to better enable enterprise security.
To help organizations with their security challenges, IBM created a bridge to address the communication gap between the business and technical perspectives of security to enable simplification of thought and process. The IBM Security Framework can help you translate the business view, and the IBM Security Blueprint describes the technology landscape view. Together, they can help bring together the experiences that we gained from working with many clients to build a comprehensive view of security capabilities and needs.
This book is intended to be a valuable resource for business leaders, security officers, and consultants who want to understand and implement enterprise security by considering a set of core security capabilities and services.
Table of contents
- Front cover
- Notices
- Foreword
- Summary of changes
- Chapter 1. Introducing the IBM Security Framework and IBM Security Blueprint
- Chapter 2. The components of the IBM Security Blueprint
  - 2.1 Foundational Security Management
  - 2.2 Subcomponents
    - 2.2.1 Command and Control Management
    - 2.2.2 Security Policy Management
    - 2.2.3 Risk and Compliance Assessment
    - 2.2.4 Identity, Access, and Entitlement Management
    - 2.2.5 Data and Information Protection Management
    - 2.2.6 Software, System, and Service Assurance
    - 2.2.7 Threat and Vulnerability Management
    - 2.2.8 IT Service Management
    - 2.2.9 Physical Asset Management
  - 2.3 Conclusion
- Chapter 3. IT security frameworks and standards
  - 3.1 Industry information security and privacy standards profile model
  - 3.2 TOGAF
  - 3.3 IBM Unified Method Framework
  - 3.4 Sherwood Applied Business Security Architecture
  - 3.5 Control Objectives for Information and Related Technology
  - 3.6 ISO/IEC 27002:2005
  - 3.7 Payment Card Industry Data Security Standard
  - 3.8 Sarbanes-Oxley Act
  - 3.9 Health Insurance Portability and Accountability Act
  - 3.10 Conclusion
- Chapter 4. Using O-ESA to develop an enterprise security architecture
- Chapter 5. Business scenario for the Mobile Device Security solution pattern
  - 5.1 Company overview
  - 5.2 Business vision
  - 5.3 Business requirements
  - 5.4 Security requirements
  - 5.5 Security architecture
    - 5.5.1 Gathering requirements
    - 5.5.2 Defining strategy, planning, and policies from the requirements (program management and governance)
    - 5.5.3 Defining security domains (logical architecture)
    - 5.5.4 Defining security services placement in the security domains
    - 5.5.5 Defining a component model for the security services (logical architecture)
    - 5.5.6 Use case
    - 5.5.7 Operational model
    - 5.5.8 Defining security operations for the concerned security services
  - 5.6 Conclusion
- Related publications
- Back cover
Product information
- Title: Using the IBM Security Framework and IBM Security Blueprint to Realize Business-Driven Security
- Author(s):
- Release date: April 2013
- Publisher(s): IBM Redbooks
- ISBN: None