1 White paper September 2009 Realizing business value with mainframe security management
2 Page 2 Contents 2 Executive summary 2 Meeting today s security challenges 3 Addressing risks in the mainframe environment 5 Comprehensive mainframe security from IBM 5 Driving ROI with Tivoli Security Management for z/os 13 The mainframe as an enterprise security hub 14 Tivoli Security Management for z/os in action 15 Building a business case for Tivoli Security Management for z/os 15 For more information Executive summary With a globally integrated market and highly complex, dynamic environments, crimes such as credit card fraud, data breaches, and privacy violations make security a top concern. Organizations need to stay competitive by protecting themselves against security threats while staying focused on their core business activities. IBM Tivoli Security Management for z/os can help organizations secure their environments by leveraging their mainframe as the enterprise security hub. This IBM solution can help drive return on investment through: Simplified security administration for increased productivity. Command verification for increased administration quality, accuracy, and policy enforcement. Automated audit reporting for increased speed and efficiency. Consistent compliance management across your financial and privacysensitive applications and data. Meeting today s security challenges Organizations face a wide range of challenges to the security of their systems and confidentiality of their data. To take advantage of opportunities and mitigate risk in the global marketplace, organizations must more efficiently manage operational cost and complexity and deliver continuous, high-quality service. They must address internal and external security threats that have intensified as a result of innovation, emerging technologies, and exponential data growth. Additionally, organizations must enforce policies and demonstrate compliance with a growing number of regulations.
3 Page 3 Effective security must be applied within a business context and fused into the fabric of the business rather than added on as problems occur. The increasing frequency and sophistication of computer crime, amplified by the accessibility and anonymity afforded by the Internet, make security a high priority for all entities. Advances in technology have enabled business innovation but have equally enabled cyber crime, leading to an array of new security threats and accelerating the need for even more sophisticated security. However, effective security must be applied within a business context and fused into the fabric of the business rather than added on as problems occur. Meeting today s security challenges means that organizations must enable the secure delivery of service while cost-effectively managing threats and compliance. Organizations must be able to trust the identities of the people using their systems, including employees, customers and business partners. They must efficiently manage access according to organizational roles, and they must secure application services such as payroll, online banking, loan applications, retail sales, and inventories. In addition, organizations must protect data throughout their environments whether at rest or in transit. They must also expand and intensify monitoring solutions and activities to be able to detect threats and vulnerabilities and to prevent confidential data disclosure and system outages. Addressing risks in the mainframe environment Mainframe environments have a reputation for resilience, availability, and effective security due to their robust hardware, reliable operating systems, secure storage, and dependable security components. For this reason, many organizations choose to run critical applications on mainframes. The same characteristics can be used to enable the mainframe as an enterprise security hub.
4 Page 4 Mainframe security must address new risks, enable automated audit analysis and compliance reporting, significantly reduce cost and complexity, and provide a strong ROI. Mainframes can facilitate secure collaboration by centralizing operations with shared data so that organizations can move away from decentralized, distributed security. Organizations can take advantage of mainframe extensibility and scalability by consolidating disparate systems to improve efficiencies, synthesize the operations of multiple organizations as a result of mergers and acquisitions, and standardize system management practices across all computing resources. This use of the mainframe as a management and data hub has become increasingly common in enterprises and has proved to be an effective means of reducing power consumption as well as licensing and floor space requirements compared to distributed systems. Because mainframes are increasingly used in these new ways, mainframe security must address new risks, enable automated audit analysis and compliance reporting, significantly reduce cost and complexity, and provide a strong return on investment (ROI). An organization s ROI is defined by tangible benefits that can translate directly to monetary gain. ROI can take the form of cost avoidance, such as through productivity improvements that extend labor capacity or reduce labor costs, or through scalability features that reduce capital expenses. ROI can be generated through higher systems availability and improved service levels, or through the ability to devote staff time to more strategic initiatives. You can also improve ROI by reducing security risks; avoiding fines, penalties and costs of security breaches and reducing the costs associated with audit and compliance efforts. This paper shows how organizations can reduce costs and improve ROI by leveraging IBM Tivoli Security Management for z/os and the superior security environment available on IBM System z mainframes.
5 Page 5 IBM Tivoli Security Management for z/os is a comprehensive mainframe security solution designed to enhance and accelerate security management with security administration, user management, and automated audit and compliance reporting for IBM z/os RACF. Comprehensive mainframe security from IBM Due to the widespread use of mainframes as security or data hubs in addition to traditional mainframe roles, organizations of all sizes can gain competitive advantages by utilizing Tivoli Security Management for z/os on System z mainframes. Tivoli Security Management for z/os is a comprehensive mainframe security solution designed to enhance and accelerate security management for IBM z/os Resource Access Control Facility (RACF ) with: Simplified security administration provides an efficient, user-friendly layer to help you define and grant access to users and groups in real time. Command verification and policy enforcement provides consistent policy enforcement and reduces security administration errors by intercepting and scanning security commands. Automated security auditing and reporting provides comprehensive auditing that can detect and report security events and exposures on mainframes. Compliance reporting when running with RACF collects and stores event records using automated log capabilities, provides dashboard summaries and enables retrieval of events for follow-up investigation. Driving ROI with Tivoli Security Management for z/os Each of the key functions within Tivoli Security Management for z/os delivers distinct benefits that can help you reduce costs and improve ROI while managing risk and improving service on the mainframe.
6 Page 6 Tivoli Security Management for z/os provides simplified security administration through a userfriendly layer that helps you define and grant access to users and groups in real time. Achieve savings with simplified security administration Tivoli Security Management for z/os provides simplified security administration through a user-friendly layer that helps you define and grant access to users and groups in real time. This streamlined approach minimizes the time needed to provision new users, resulting in improved productivity for users and administrators alike. The security administration function can also help administrators determine which resources a user can access by displaying all authorizations, and by cross-referencing users and groups. Likewise, helpdesk support for password resets and similar issues can be reduced by automating common functions. Security rules from different databases can be merged efficiently to enable consolidation, and administrators can copy or move users, groups, resources, applications, or entire databases between systems. In addition, administrators can improve availability and reduce impacts to production databases by testing scenarios with offline RACF copies of production databases. Tivoli Security Management for z/os can provide significant savings by reducing administrative overhead for policy and security management tasks. It can also improve productivity by reducing wait times for users. Other savings can be achieved using the simplified security administration function within Tivoli Security Management for z/os. For example, users can view data in real time from the live RACF database to verify the effect of changes that have been made without having to wait for a refresh of the unloaded RACF database. Administrators can also compare multiple users that perform the same job functions and determine whether they have access to the same resources. This comparison enables administrators to ensure that users are given only the access they need to do their jobs.
7 Page 7 In addition, administrators can select any given dataset and view a list of users who have access to that data. As a result, they can quickly pinpoint mistakes before they become threats to security and compliance. The simplified security administration function also enables a highly efficient RACF database cleanup, which helps improve integrity and therefore the value of the data. A university IT department gained these benefits and more from the simplified security administration function in Tivoli Security Management for z/os. Their IT department consists of two system programmers and a help desk. The function of the help desk is to assist with password resets while the system programmers create new user IDs and define user access roles in the mainframe. The system programmers wanted to find a solution that could simplify the process of creating and maintaining student user IDs. By implementing Tivoli Security Management for z/os, the system programmers gained IT department labor savings with a user-friendly layer on top of RACF that enables simplified security administration. They can use it to define and grant access to users and user groups, set and reset user IDs and passwords, and display all authorizations or a cross-reference of a user ID or user group. As a result of the labor savings the IT department gained, the system programmers were able to spend more time working on more high-value objectives. The Command Verifier within Tivoli Security Management for z/os provides policy enforcement, protecting your system from both intentional and accidental noncompliant security actions. Reduce costly errors and security risks through command verification and policy enforcement The Command Verifier within Tivoli Security Management for z/os provides policy enforcement by intercepting and scanning security commands to identify risky commands, generate alerts, create audit records, and optionally reject or modify the commands prior to execution. The Command Verifier can enforce security policies such as naming conventions, strong security defaults, installation access level standards, and controls on security administrator privileges and commands.
8 Page 8 A government agency improved ROI by using the Command Verifier function in Tivoli Security Management for z/os, mitigating risks that could have cost the agency millions of dollars. The Command Verifier can limit administrative authority, prevent mistakes, and detect potential abuse of administrative privileges. As a result, it can protect your system from both intentional and accidental non-compliant security actions. It enables administrators to detect policy violations quickly so that you can correct the issues before they cause security exposures or enable abuse. Because the Command Verifier is automated, its features can provide significant compliance management savings through policy enforcement, error reduction, and minimizing rework. In addition, it offers security tool customization to meet your organization s specific needs without risky installation exit programs. A government agency improved ROI by using the Command Verifier function in Tivoli Security Management for z/os. The agency needed a mainframe security solution that could facilitate compliance with security policy and regulatory audit requirements. By implementing Tivoli Security Management for z/os, the agency gained the ability to take snapshots of the active RACF database as well as the ability to unload files to analyze the state of system security. They were also able to report on questionable system options and dangerous settings of privileged users, automate System Management Facility (SMF) analysis, detect library changes, and track changes in security settings. Before implementing Tivoli Security Management for z/os, the agency stated that its privileged users could cost the agency millions of dollars through unintentional configuration errors and careless security commands. Malicious users with authorized access could inflict even worse damage. By mitigating these risks, Tivoli Security Management for z/os provided the agency with peace of mind as well as a significant return on investment.
9 Page 9 Tivoli Security Management for z/os provides comprehensive auditing that can detect and report security events and exposures on mainframes, providing a comprehensive audit trail. Reduce administrative overhead with automated security auditing and reporting Tivoli Security Management for z/os provides comprehensive auditing that can detect and report security events and exposures on mainframes. It works by analyzing SMF log files to create a comprehensive audit trail that includes RACF, IBM DB2, and UNIX (see Figure 1). As a result, administrators can simplify and automate the handling of mainframe events. Customizable reports prioritize security concerns so that administrators can address the most important issues first. Administrators can choose to receive reports daily, only when specified events occur, or when security breaches occur. In addition, the audit components can automatically send mainframe security events to the compliance management component so that appropriate reports can be generated. Automated policy management and intrusion management can significantly reduce administrative overhead. Automated audit analysis can save inspection time, and automated reporting and alerts can enable rapid response to help prevent threats and reduce downtime. And, because many issues can also be repaired automatically, IT administrators can spend time on higher priority projects. In addition, your organization can reduce audit preparation time thanks to automated processes that are aligned with audit requirements. Figure 1: Tivoli Security Management for z/os enables automated security auditing, reporting, and alerting of RACF, DB2, and UNIX.
10 Page 10 A large European financial services institution improved ROI by using the automated policy management and intrusion management function in Tivoli Security Management for z/os. The organization wanted to replace its mainframe security software with a solution that would provide auditing, online alerting, and reporting while reducing the total cost of ownership for its mainframe platform. From the start, they were able to easily identify audit concerns with the added benefit of being able to fix them. The audit concerns identified are automatically prioritized, enabling effective security planning and prioritization of the required remediation work. Using the reporting language, they were able to generate a weekly management report for use by senior management and internal audit to track the number of audit concerns with a view of those numbers reducing week by week. By implementing Tivoli Security Management for z/os, the financial services organization was able to manage multiple RACF environments with only three specialized authority employees, despite the company s large size. With automated security auditing and reporting capabilities, the solution enabled the organization to address its security management issues as well as reduce the time and cost of managing employee access to information. A major European-based insurance company realized dramatic administrative cost savings by implementing Tivoli Security Management for z/os. A major European-based insurance company has noted the following administration and auditing savings with Tivoli Security Management for z/os: Continuous automated auditing and corrective controls saves one month of administrative time per year in clean-up effort. Creating custom reports using the product s reporting language rather than using other programming languages saves one to two months of effort each year, including CPU savings. Bulk RACF command generation for administration also saves two administrative months per year. Self service, automated reporting to business units saves one month per year in report generation.
11 Page 11 Tivoli Security Management for z/os provides dashboards that display activities taking place throughout your environment. Reduce audit time and costs with consistent compliance reporting To help you manage security compliance efficiently, Tivoli Security Management for z/os provides dashboards that display activities taking place throughout your environment. The compliance function within Tivoli Security Management for z/os collects, stores, investigates, and retrieves logs using automated log capabilities from virtually any platform, enabling you to integrate mainframe logs into enterprise reports (see Figure 2). Tivoli Security Management for z/os, along with Tivoli Compliance Insight Manager, also features an advanced reporting engine that can create reports designed to document your level of compliance with Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry (PCI) Data Security Standards, Sarbanes-Oxley (SOX), the International Organization for Standardization (ISO), Basel II, and other regulations or standards. This cost-effective compliance monitoring and reporting function closes the security management loop (see Figure 3) and enables you to take corrective actions when you discover security exposures in your systems. Figure 2: Tivoli Security Management for z/os, along with Tivoli Compliance Insight Manager, provides dashboards to help you track compliance throughout your environment.
12 Page 12 Figure 3: Tivoli Security Management for z/os offers comprehensive compliance features to close the security loop. The automated compliance reporting function within Tivoli Security Management for z/os can provide significant cost avoidance by saving administration and audit overhead and reducing the time needed to provide proof of compliance. Automated log management enables universal collection, storage, and easy retrieval and investigation. Integrated forensic capabilities can help you analyze user behavior and reduce the risk of damage from internal and external threats.
13 Page 13 Aviva in the UK has successfully avoided significant labor costs associated with manual compliance reporting, and has reduced compliance-related errors. Aviva was able to improve ROI by leveraging these automated compliance reporting features. A leading provider of life and pension products in Europe, the organization needed to facilitate compliance by implementing preventive, detective, and corrective controls in its IT environment. The organization implemented Tivoli security solutions to address the demands of its heterogeneous mainframe environment and facilitate compliance with tighter security policies, procedures, and regulations. This solution supports robust auditing and compliance reporting that have improved the organization s compliance posture, enhanced efficiencies, and reduced errors. Aviva has also successfully avoided significant costs associated with the labor required for manual compliance reporting as well as the costs of noncompliance in the case of errors. The mainframe as an enterprise security hub With Tivoli Security Management for z/os, IBM provides a solution that makes it possible for a mainframe to serve as an enterprise security hub for your organization. By leveraging additional components that address user provisioning, federated identity management, access management, encryption key management, audit reporting, and compliance management, Tivoli Security Management for z/os can provide outstanding security for your entire environment (see Figure 4). Figure 4: Tivoli Security Management for z/os, working with other mainframe security products, enables you to use your mainframe as an enterprise security hub.
14 Page 14 Tivoli Security Management for z/os offers closed-loop, integrated security information and event management with identity and access management. IBM integrates security with service request management, which enables you to offload your service desk workload with self-service password management while still performing necessary incident tracking from the service desk. Tivoli Security Management for z/os also offers closed-loop, integrated security information and event management with identity and access management. As a result, you can take advantage of identity management across the information lifecycle. It also monitors users continually, along with their rights and what users have done with those rights, to quickly diagnose and remediate exposures. By securing and auditing critical business services with Tivoli Security Management for z/os, you can take advantage of a trusted and resilient platform. You can also: Improve service by leveraging the most secure platform in the enterprise. Reduce costs through data center consolidation, embedded best practices, and automated compliance tasks. Manage risk by facilitating compliance with data disclosure and privacy regulations, as well as by improving audit preparedness. Avoid the significant and continually increasing costs associated with a security breach. Allied Irish Banks replaced its mainframe security software with Tivoli security products to help the company stay ahead of security threats and to lower compliance costs. Tivoli Security Management for z/os in action Allied Irish Banks (AIB) was looking for ways to become more agile and costeffective in serving its retail customers. AIB turned to IBM to replace its mainframe security system. The company needed a comprehensive security solution to help it enforce security as well as automate administration and auditing for multiple environments.
15 Page 15 AIB replaced its mainframe security software with IBM RACF and Tivoli security products to help it stay ahead of security threats and to lower compliance costs. AIB can now conduct proactive auditing of security configurations to detect and report on exposures and concerns. They can also monitor the AIB environment in real time for configuration errors, exposures, and intruders so that administrators can take immediate action. In addition, AIB can now access comprehensive and customizable reports to reduce audit overhead while addressing security and audit regulations such as Sarbanes-Oxley. They can automatically track changes to z/os and RACF security to help determine if system resources are at risk. User-friendly interfaces, interactive command generation, automated procedures, and online help enabled AIB security administrators to rapidly gain the z/os and RACF security skills they needed. The new system has helped AIB address security concerns, enabling administrators to shift their focus from security administration to high-quality security management activities. IBM can provide a Business Value Assessment for your organization to rapidly assess the business value of implementing Tivoli Security Management for z/os as your enterprise security solution. Building a business case for Tivoli Security Management for z/os IBM can provide a Business Value Assessment for your organization to rapidly assess the business value of implementing Tivoli Security Management for z/os as your enterprise security solution. Through this valuable service, IBM can help you determine the strategy you need to enhance the security of your mainframe environment and provide projected improvements in ROI with the implementation of your new solution. For more information To learn more about Tivoli Security Management for z/os, or to request a Business Value Assessment, contact your IBM representative or IBM Business Partner, or visit ibm.com/tivoli/solutions/security.
16 The customer is responsible for ensuring compliance with legal requirements. It is the customer s sole responsibility to obtain advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulatory requirements that may affect the customer s business and any actions the customer may need to take to comply with such laws. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the customer is in compliance with any law or regulation. Copyright IBM Corporation 2009 IBM Corporation Software Group Route 100 Somers, NY U.S.A. Produced in the United States of America September 2009 All Rights Reserved IBM, the IBM logo, ibm.com, DB2, RACF, System z, Tivoli, and z/os are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol ( or ), these symbols indicate U.S. registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the Web at Copyright and trademark information at ibm.com/legal/copytrade.shtml UNIX is a registered trademark of The Open Group in the United States and other countries. Other company, product and service names may be trademarks or service marks of others. References in this publication to IBM products and services do not imply that IBM intends to make them available in all countries in which IBM operates. No part of this document may be reproduced or transmitted in any form without written permission from IBM Corporation. Product data has been reviewed for accuracy as of the date of initial publication. Product data is subject to change without notice. Any statements regarding IBM s future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only. THE INFORMATION PROVIDED IN THIS DOCUMENT IS DISTRIBUTED AS IS WITHOUT ANY WARRANTY, EITHER EXPRESS OR IMPLIED. IBM EXPRESSLY DISCLAIMS ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. IBM products are warranted according to the terms and conditions of the agreements (e.g. IBM Customer Agreement, Statement of Limited Warranty, International Program License Agreement, etc.) under which they are provided. TIW14038-USEN-00
Security management solutions White paper IBM Tivoli and Consul: Facilitating security audit and March 2007 2 Contents 2 Overview 3 Identify today s challenges in security audit and compliance 3 Discover
IBM Netcool Configuration Manager Improve organizational management and control of multivendor networks Highlights Automate time-consuming device configuration and change management tasks Effectively manage
IBM Software Integrated Service Management: Visibility. Control. Automation. Enabling service innovation 2 Integrated Service Management: Visibility. Control. Automation. Every day, the world is becoming
Security solutions To support your IT objectives Adopt a unified, holistic approach to a broad range of data security challenges with IBM Data Security Services. Highlights Balance effective security with
Helping to secure critical healthcare infrastructure from internal and external IT threats, ensuring business continuity and supporting compliance requirements. Preemptive security solutions for healthcare
White Paper September 2009 Addressing IT governance, risk and compliance (GRC) to meet regulatory requirements and reduce operational risk in financial services organizations Page 2 Contents 2 Executive
IBM Software Thought Leadership White Paper September 2010 Consolidating security across platforms with IBM System z Protect your business-critical information by leveraging the mainframe as a security
IBM Netcool network management solutions for enterprise The big picture view that focuses on optimizing complex enterprise environments Highlights Enhance network functions in support of business goals
Facilitate security audits and monitor privileged users through a robust security compliance dashboard IBM Highlights Efficiently collect, store, investigate and retrieve logs through automated log management
IBM asset management solutions White paper Using IBM Maximo Asset Management to manage all assets for hospitals and healthcare organizations. September 2007 2 Contents 2 Executive summary 3 Introduction
Stay ahead of insiderthreats with predictive,intelligent security Sarah Cucuz firstname.lastname@example.org IBM Security White Paper Executive Summary Stay ahead of insider threats with predictive, intelligent
IBM Endpoint Manager for Lifecycle Management A single-agent, single-console approach for endpoint management across the enterprise Highlights Manage hundreds of thousands of endpoints regardless of location,
Security solutions To support your IT objectives Adopt a unified, holistic approach to a broad range of data security challenges with IBM Data Security Services. Highlights Balance effective security with
White paper December 2008 Addressing single sign-on inside, outside, and between organizations Page 2 Contents 2 Overview 4 IBM Tivoli Unified Single Sign-On: Comprehensively addressing SSO 5 IBM Tivoli
Service management White paper Manage access control effectively across the enterprise with IBM solutions. July 2008 2 Contents 2 Overview 2 Understand today s requirements for developing effective access
IBM Software White paper December 2010 Reduce your data storage footprint and tame the information explosion 2 Reduce your data storage footprint and tame the information explosion Contents 2 Executive
Security management solutions White paper Extend business reach with a robust security infrastructure. July 2007 2 Contents 2 Overview 3 Adapt to today s security landscape 4 Drive value from end-to-end
IBM Endpoint Manager for Lifecycle Management A single-agent, single-console approach for endpoint management across the enterprise Highlights Manage hundreds of thousands of endpoints regardless of location,
Security solutions To support your business objectives Implement security solutions that help protect your IT systems and facilitate your On Demand Business initiatives. For an On Demand Business, security
Three significant risks of FTP use and how to overcome them Management, security and automation Contents: 1 Make sure your file transfer infrastructure keeps pace with your business strategy 1 The nature
Service quality management solutions To support your business objectives Implement a unified approach to service quality management. Highlights Deliver high-quality software applications that meet functional
IBM Storage Manager for Virtual Environments Non-disruptive backup and instant recovery: Simplified and streamlined Highlights Simplify management of the backup and restore process for virtual machines
Automating policy enforcement to prevent endpoint data loss IBM Data Security Services for endpoint data protection endpoint data loss prevention solution Highlights Protecting your business value from
Service management solutions To support your IT objectives Address IT costs and streamline operations with IBM service request and asset management solutions. Highlights Help service desk technicians become
PRODUCT SHEET CA Compliance Manager for z/os CA Compliance Manager for z/os CA Compliance Manager for z/os (CA Compliance Manager) provides your organization with a single source for real-time, compliancerelated
Four keys to effectively monitor and control secure file transfer Contents: 1 Executive summary 2 Key #1 Make your data visible wherever it is in the network 2 Key #2 Reduce or even eliminate ad hoc use
Security Thought Leadership White Paper February 2012 Consolidated security management for mainframe clouds Leveraging the mainframe as a security hub for cloud-computing environments 2 Consolidated security
IBM Security QRadar Risk Manager Proactively manage vulnerabilities and network device configuration to reduce risk, improve compliance Highlights Visualize current and potential network traffic patterns
Cost-effectively manage the entire life cycle of your IT assets IBM Highlights Help control the costs of IT assets with a single product installation that tracks and manages hardware, software and related
IBM Software Thought Leadership White Paper October 2011 Driving workload automation across the enterprise Simplifying workload management in heterogeneous environments 2 Driving workload automation across
IBM PowerSC Security and compliance solution designed to protect virtualized datacenters Highlights Simplify security management and compliance measurement Reduce administration costs of meeting compliance
Software asset management White paper Improving IT service delivery through an integrated approach to software asset management. September 2008 2 Contents 2 Introduction 3 The challenges of managing software
Thought Leadership White Paper Cloud Computing Cloud Security Who do you trust? Nick Coleman, IBM Cloud Security Leader Martin Borrett, IBM Lead Security Architect 2 Cloud Security Who do you trust? Cloud
IBM Global Technology Services Thought Leadership White Paper November 2010 Strategies for assessing cloud security 2 Securing the cloud: from strategy development to ongoing assessment Executive summary
PRODUCT SHEET: CA TOP SECRET FOR z/os we can CA Top Secret r15 for z/os CA Top Secret for z/os (CA Top Secret ) provides innovative, comprehensive security for your business transaction environments, including
White Paper Achieving HIPAA Compliance through Security Information Management White Paper / HIPAA Contents Executive Summary... 1 Introduction: Brief Overview of HIPAA... 1 The HIPAA Challenge: Protecting
Enterprise asset capabilities for small and midsized organizations IBM Maximo Asset Essentials Highlights Leverage enterprise asset capabilities in a package specifically designed for small and midsized
IBM Software Thought Leadership White Paper October 2013 Breaking down silos of protection: An integrated approach to managing application security Protect your enterprise from the growing volume and velocity
IBM Software Cloud service delivery and management Rethink IT. Reinvent business. 2 Cloud service delivery and management Virtually unparalleled change and complexity On this increasingly instrumented,
Safeguarding the cloud with IBM Security solutions Maintain visibility and control with proven solutions for public, private and hybrid clouds Highlights Address cloud concerns with enterprise-class solutions
Improve business agility with Message Broker Enhance flexibility and connectivity while controlling costs and increasing customer satisfaction Highlights Leverage business insight by dynamically enriching
Deliver high-quality services while helping to control cost IBM Tivoli Service Request Manager Highlights Streamline incident and problem management processes for more rapid service restoration at an appropriate
Compliance Management, made easy LOGPOINT SECURING BUSINESS ASSETS SECURING BUSINESS ASSETS LogPoint 5.1: Protecting your data, intellectual property and your company Log and Compliance Management in one
IBM Software Energy and Utilities Thought Leadership White Paper Empowering intelligent utility networks with visibility and control IBM Intelligent Metering Network Management software solution 2 Empowering
Providing stronger security practices that enable PCI Compliance and protect cardholder data. Establish and Maintain Secure Cardholder Data with IBM Payment Card Industry Solutions Highlights Offers pre-assessment
IBM Global Technology Services Leveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs Achieving a secure government
TM Enforcive / Enterprise Security End to End Security and Compliance Management for the IBM i Enterprise Enforcive / Enterprise Security is the single most comprehensive and easy to use security and compliance
IBM Software Thought Leadership White Paper May 2013 Boosting enterprise security with integrated log management Reduce security risks and improve compliance across diverse IT environments 2 Boosting enterprise
Web application security Executive brief Managing a growing threat: an executive s guide to Web application security. Danny Allan, strategic research analyst, IBM Software Group Contents 2 Introduction
Zend and IBM: Bringing the power of PHP applications to the enterprise A high-performance PHP platform that helps enterprises improve and accelerate web and mobile application development Highlights: Leverages
IBM InfoSphere Guardium Data Activity Monitor for Hadoop-based systems Proactively address regulatory compliance requirements and protect sensitive data in real time Highlights Monitor and audit data activity
IBM Software Thought Leadership White Paper January 2011 When millions need access: Identity management in an increasingly connected world Best practice solutions that scale to meet today s huge numbers
www.netforensics.com NETFORENSICS WHITE PAPER Achieving Regulatory Compliance through Security Information Management Contents Executive Summary The Compliance Challenge Common Requirements of Regulations
PRODUCT BRIEF: CA VULNERABILITY MANAGER CA Vulnerability Manager r8.3 CA VULNERABILITY MANAGER PROTECTS ENTERPRISE SYSTEMS AND BUSINESS OPERATIONS BY IDENTIFYING VULNERABILITIES, LINKING THEM TO CRITICAL
IBM Endpoint Manager for Security and Compliance A single solution for managing endpoint security across the organization Highlights Provide up-to-date visibility and control from a single management console
IBM Software Security November 2011 IBM Rational AppScan: Application security and risk management Identify, prioritize, track and remediate critical security vulnerabilities and compliance demands 2 IBM
IBM Endpoint Manager for Core Protection Device control and endpoint protection designed to guard against malware and loss of sensitive data Highlights Delivers real-time endpoint protection against viruses,
SOA policy management White paper April 2009 Realizing business flexibility through integrated How integrated management supports business flexibility, consistency and accountability John Falkl, distinguished
IBM ediscovery Identification and Collection Turning unstructured data into relevant data for intelligent ediscovery Highlights Analyze data in-place with detailed data explorers to gain insight into data
White Paper Achieving PCI Data Security Standard Compliance through Security Information Management White Paper / PCI Contents Executive Summary... 1 Introduction: Brief Overview of PCI...1 The PCI Challenge:
Business Application Intelligence White Paper The V ersatile BI S o l uti on! Click&DECiDE s PCI DSS Version 1.2 Compliance Suite Nerys Grivolas December 1, 2009 Sales Office: 98, route de la Reine - 92100
Enterprise Security Moving from Chaos to Control with Integrated Security Management Yanet Manzano Florida State University email@example.com firstname.lastname@example.org 1 Enterprise Security Challenges Implementing
How does IBM deliver cloud security? An IBM paper covering SmartCloud Services 1 2 How does IBM deliver cloud security? Contents 2 Introduction 3 Cloud governance 3 Security governance, risk management
Datacenter Management Optimization with Microsoft System Center Disclaimer and Copyright Notice The information contained in this document represents the current view of Microsoft Corporation on the issues
Solving IT systems management and service management challenges with help of IBM Tivoli Overview Ēriks Miķelsons Tivoli Product Sales Manager Baltic Countries October 10, 2007 Vilnius Innovation is the
IBM Software IBM TRIRIGA: The power of true integration in workplace management solutions 2 IBM TRIRIGA: The power of true integration in workplace management solutions Introduction In today s increasingly
Strategic protection for Web applications To support your business objectives IBM Rational AppScan: enhancing Web application security and regulatory compliance. Are untested Web applications putting your
Automating policy enforcement to prevent endpoint data loss IBM Data Security Services for endpoint data protection endpoint data loss prevention solution Highlights Facilitate policy-based expertise and
IBM QRadar Security Intelligence April 2013 1 2012 IBM Corporation Today s Challenges 2 Organizations Need an Intelligent View into Their Security Posture 3 What is Security Intelligence? Security Intelligence
The Challenges of Administering Active Directory As Active Directory s role in the enterprise has drastically increased, so has the need to secure the data it stores and to which it enables access. The
Effective Incident, Problem, and Change Management Integrating People, Process, and Technology in the Datacenter Published April 2010 Executive Summary Information technology (IT) organizations today must
Unified Security Reduce the Cost of Compliance Introduction In an effort to achieve a consistent and reliable security program, many organizations have adopted the standard as a key compliance strategy
IBM Service solutions White paper Make ITIL actionable with Tivoli software. June 2008 2 Contents 2 Introduction 3 ITIL: best practices for best results 4 Support ITIL best practices with comprehensive
Net Report s PCI DSS Version 1.1 Compliance Suite Real Security Log Management! July 2007 1 Executive Summary The strict requirements of the Payment Card Industry (PCI) Data Security Standard (DSS) are
RSA Solution Brief Streamlining Security Operations with Managing RSA the Lifecycle of Data Loss Prevention and Encryption RSA envision Keys with Solutions RSA Key Manager RSA Solution Brief 1 Who is asking
IBM PowerSC Security and compliance solution designed to protect virtualised data centres Highlights Simplify security management and compliance measurement Reduce administration costs of meeting compliance
IBM i2 Enterprise Insight Analysis for Cyber Analysis Protect your organization with cyber intelligence Highlights Quickly identify threats, threat actors and hidden connections with multidimensional analytics
IBM Unstructured Data Identification and Management Discover, recognize, and act on unstructured data in-place Highlights Identify data in place that is relevant for legal collections or regulatory retention.
WHITE PAPER Content-Aware Identity & Access Management in a Virtual Environment June 2010 content-aware identity & access management in a virtual environment Chris Wraight CA Security Management we can
ITIL-aligned solutions White paper Use product solutions from IBM Tivoli software to align with the best practices of the Information Technology Infrastructure Library (ITIL). January 2005 2 Contents 2