How to Ensure IT Compliance Without Compromising Innovation. Nik Teshima, IBM Phil Odence, Black Duck
|
|
- Aleesha Weaver
- 8 years ago
- Views:
Transcription
1 How to Ensure IT Compliance Without Compromising Innovation Nik Teshima, IBM Phil Odence, Black Duck Black Duck 2013
2 Speakers Phil Odence VP of Business Development Black Duck Software Nik Teshima Senior Product and Market Manager IBM 2 Black Duck 2013
3 Agenda The Iron Triangle of Compliance Compliance and Innovation Innovation and Control Elements Software Development Compliance Integrated Open Source Compliance Summary Q&A 3 Black Duck 2013
4 Black Duck Business 50% of companies will face challenges due to lack of FOSS policy and management FOSS Analysis (Nov. 2011) 4 Black Duck 2013
5 What Do We Do? Application development cycle Plan Code Build Test Release Open source governance lifecycle Acquire Approve Catalog Audit Monitor Description Version Vulnerabilities Cryptography License Maturity Black Duck Knowledge Base 5 Black Duck 2013
6 Black Duck and Rational 6+ year relationship Integrations Ready for Rational Black Duck Suite with: Recent Build Forge Rational Team Concert ClearCase Extending Rational compliance solution to include open source management 6 Black Duck 2013
7 Open Source Faster, Better, Cheaper Cost Schedule Features Open source is a silver bullet that allows simultaneous improvement along all three dimensions of the software iron triangle of cost, schedule, features. Jeffrey Hammond, Forrester 7 Black Duck 2013
8 The Compliance Iron Triangle Risk (all sorts) Productivity Compliance 8 Black Duck 2013
9 Agenda The Iron Triangle of Compliance Compliance and Innovation Innovation and Control Elements Software Development Compliance Integrated Open Source Compliance Summary Q&A 9 Black Duck 2013
10 Accelerating innovation while maintaining appropriate controls IT ORGANIZATIONS Developer Agility and Responsibility Management Governance and Empowerment Integrate early and continuously Collaborate in context across the extended lifecycle Optimize business outcomes Customers Line of Business Software Development Operations Accelerated Delivery 10
11 Business value Enabling Product and Service Innovation Rational Accelerating innovation to achieve business outcomes For IT clients: Integrate, collaborate and optimize for agility with governance 11 1 Boost productivity of 2 3 software engineering Improve project disciplines performance Maximize the efficient use of resources through automating overhead activities such as documentation, change propagation, status reporting, metrics collection, traceability, audit trails. Design, Development Quality Management Requirements Management Change and Configuration Management Business outcomes Automated status reporting derived from evolving engineering artifacts can improve productivity by 5-10% Valtech increased productivity by more than 40%; reduced defect rates by 75% Increase project predictability and reduce scrap and rework through improved collaboration across teams, geographies, roles and systems. Collaborative lifecycle management Project and Portfolio Management DevOps Multi-platform development Mobile, Multi-Channel Development Business outcomes Collaborating on work items, defects and build errors can reduce late rework by 25-50% Nationwide reduced production defects by 90% Emerging Health IT shortened life cycle delivery from 6 to 8 months to 3 months Improve business outcomes Align software investments to business priorities by leveraging instrumentation to optimize supply chain processes and improve decision-making. Governance, Risk and Compliance Portfolio Management Software Supply Chain Predictive Analytics Value realized Business outcomes Best practices in scope management can improve predictability of project delivery by 20-30% Danske Bank reduced its time-tomarket by 50% with an improved focus on measurement and improved agility Improved time and scope
12 IT Compliance Today s realities One compliance failure generates $81M in extra costs for firms earning larger than $1B in revenues. Source Demonstrating compliance How do you prove that your products and services are compliant and audit-ready? What s the impact of a regulatory compliance fine if you can t prove that your business applications and products adhere to industry regulatory requirements? How do you improve your ability to demonstrate compliance without slowing down your time to market and eroding your competitive posture? How do you prove your software development process is compliant? Today, Governance, Risk, and Compliance is typically fractured across an organization leading to uncoordinated buying patterns and high risk siloed operations and here s some examples from 2012
13 The solution is the automation of Internal Controls and Proof of Adherence Implemented in process Configured in CLM and proven by... Dashboards Reports Automated Enforcement 13
14 Integrated and effective Collaborative Lifecycle Management IBM Rational solution for Collaborative Lifecycle Management Design Requirements Quality Software Change and Configuration Architect Engineer Analyst Developer Quality Professional Deployment Engineer Open Lifecycle Integration Platform + many more
15 Rational IT Compliance: Three ways we support compliance 1) Planning for Compliance Organize, prioritize and track responses to changing regulatory content 2) Collaborative Compliance Remediation Mandates and Standards Delivery Ensure that the right things are built and tested Project X Project Z Controls Impacts: Business processes, Analytics System configuration Software IT applications 15 Project Y 3) Software and Product Development Compliance Govern how changes are made: Work authorization Segregation of duties Process capture and change control, Audit support and reporting Open Source governance with Black Duck and Rational
16 Compliance Example 1. Planning for Compliance 2. Collaborative Section 326 of the USA PATRIOT Act Compliance requires banks to have a Remediation Customer Identification Program (CIP) Delivery 3. Software and Product Development Compliance JKE Banking GRC analyzes the mandate, assess the risk of different implementations Procedures are issued for screening anyone applying for an account, including checking the applicant against a Federal Terrorist Watch list and people who have defaulted on loans with 16 JKE Bank. IT determines that there are three systems with online loan application capabilities. After analysis and deciding, two projects are identified in which the CIP will be implemented on these systems. The vendor management team performs an audit on the software development processes to ensure enforcement of the JKE Banking Internal Controls. The two projects progress and are completed using CLM, with complete tracing from the business need to project plans, detailed requirements, test cases and designs. Proper work authorization and segregation of duties are used.
17 Regulated Software Development Audit Challenges Say what you do Documented evidence of a thorough development process A well communicated and easily understood program Do what you say Prudent use and enforcement of applicable business controls Requirements integrity Tracking of requirements to implementation and test Management of software deliveries to preclude unauthorized changes Ensure the process is enforced (including process validation, audit and automation ) Process integrity: Implementation of change control over the development process and metrics used to monitor and control process execution Make sure developers are using only approved open source components that meet company policies Be prepared to prove it Documented evidence of adherence to internal controls through dashboards, regular reporting and monitoring, as well as independent audit
18 Software Development Compliance Work Authorization and Requirements Integrity Auditable Requirements review & approval; and authorization to implement them. Segregation of Duties Protect a system from unintended or unauthorized changes through a separation of duties (having more than one person required to complete a task or related set of tasks/activities). Process Change Control Ensure that the internal controls for IT (including software development) governance are enforced and cannot be circumvented. Audit Support and Reports Document how you have implemented the controls then prove that your teams are following them Open Source Governance Leverage the value of open source while minimizing risk with automated and unobstructed monitoring into its usage Defining your specific internal controls, as well as assuring that they meet the regulations to which you are bound and guidelines to which you aspire is the responsibility of your own governance, risk and compliance organization.
19 Regulated Software Development Work Authorization and Requirements Integrity Challenge Agile and iterative processes must be balanced with auditable authorization gates and change management to ensure only approved work is included in a release to production. User stories that need to be supported As an approval authority, I need the ability to approve the correctness of a specific version of a requirement. As an approval authority, I need the ability to certifiably authorize work to implement, test, deploy, etc. the approved version of the requirement. As an auditor, I need proof that only approved and authorized versions of requirements were implemented, tested, etc. and included in a given release Best practices Different products or combinations of products can be used Requirements Composer with Team Concert RRC to define, review / approve and manage requirements RTC to authorize and manage work assignments with e-signatures Team Concert only Capture, approve, manage and authorize changes and work
20 Regulated Software Development Segregation of Duties Challenge: Balance the needs for both flexible role definitions including the ability to assign multiple roles to the same individual ensuring no individual can circumvent segregation of duties rules and introduce unintended or unauthorized changes into a system. Auditor wants to see: Checks and balances to ensure that one person could not push changes through Software development best practices to ensure that the integrity of the system is maintained Best practices: Clearly capture segregation of duties rules Capture test cases for process changes Report segregation of duties violations with every build Automate enforcement of segregation of duties
21 IBM Rational Software Development Compliance Solution Segregation of Duties Three different ways Segregation of Duties is supported: 1. Using Roles and Permissions 2. Automated reporting on violations 3. Automated prevention of violations Cannot be same user
22 Regulated Software Development Process Change Control Challenge: balancing competing needs: a highly-configurable process ensuring necessary process change controls are enforced and not circumvented. Auditor wants to see: What parts of the process configuration are under change control What changes were made, and by whom, when, who authorized, the previous value and the new value Best practices: Centralized shared process configuration is used for controlling parts of the process configuration across an organization Custom work item type for capturing and approving process changes The process change history recorded by Team Concert
23 Regulated Software Development Audit Support Challenge: The prove it challenge: How to prove with minimal disruption and cost that the project followed and did not circumvent the documented process and associated internal controls. Auditor wants to see: How the process is communicated That users of the process know it and follow it A history of properly following the process How internal controls (work authorization, segregation of duties, etc.) are implemented Best practices: Generation of audit reports that capture historical proof of adherence to process and compliance rules Traceability from internal controls to implementation and testing of those controls to provide an audit trail
24 Regulated Software Development Open Source Compliance Management Challenge: Developers do their jobs faster and better by leveraging open source components that are freely available on the Internet But they may not be completely evaluating the code that they use, particularly from a licensing perspective Software Development Organizations Want: Visibility into what open source components their developers are using Assurance that components meet company policy No license violations Best practices: Create a company policy with respect to developers use of open source Implement processes to ensure policy compliance Automate processes to minimize overhead
25 Open Source Compliance Analysis Features Automated/Integrated with Build Process Identifies Open Source Content Utilizes Complete Industry Leading KnowledgeBase (700K+ OSS Components) Identifies License Conflicts with Company Policies Automatic Work Item Creation Bill of Materials Output Benefits Ensures Policy Compliance Provides Visibility into Software Contents Minimizes Compliance Burden on Developers
26 Automated Open Source Compliance with Black Duck and RTC Analysis Alert Remediation
27 Regulated Software Development Say, Do, Prove Implemented in process Configured in CLM and proven by... Dashboards Reports Automated Enforcement
28 Agenda The Iron Triangle of Compliance Compliance and Innovation Innovation and Control Elements Software Development Compliance Integrated Open Source Compliance Summary Q&A 28 Black Duck 2013
29 Q&A Any questions? Feel free to contact us after the webinar: Nik Teshima Phil Odence 29 Black Duck 2013
How to Avoid 5 Common Pitfalls in Open Source Utilization. July 2013
How to Avoid 5 Common Pitfalls in Open Source Utilization July 2013 Today s Presenters Phil Odence Black Duck Baruch Sadogursky JFrog 2 Agenda Open Source Trends Avoiding 5 Common Pitfalls JFrog Artifactory
More informationPhil Marshall Black Duck Software. 2012 ISACA Webinar Program. 2012 ISACA. All rights reserved.
Open Source Component Governance and Management Using COBIT Phil Marshall Black Duck Software 2012 ISACA Webinar Program. 2012 ISACA. All rights reserved. Welcome Type in questions using the Ask A Question
More informationComply, Improve, Transform: Regulatory Compliance Management for Software Development. Jim Duggan
Comply, Improve, Transform: Regulatory Compliance Management for Software Development Jim Duggan You Can Offset the Costs of Compliance! Complexity Drives Cost UP Sarbanes-Oxley HIPAA EPA Basel II M&A
More informationHarnessing the power of software-driven innovation. Martin Nally IBM Rational CTO IBM Fellow and VP
Harnessing the power of software-driven innovation Martin Nally IBM Rational CTO IBM Fellow and VP We have entered a new wave of innovation Innovation The Industrial Revolution Age of Steam and Railways
More informationGovernance, Risk, and Compliance (GRC) White Paper
Governance, Risk, and Compliance (GRC) White Paper Table of Contents: Purpose page 2 Introduction _ page 3 What is GRC _ page 3 GRC Concepts _ page 4 Integrated Approach and Methodology page 4 Diagram:
More informationWhat Developers, Cars & Banks Have in Common: Best Practices for Open Source Governance
What Developers, Cars & Banks Have in Common: Best Practices for Open Source Governance Shoken Kim Black Duck Software June 7, 2012 Linux Con Japan Compliance Mini-Track Overview Trends Strategic use of
More informationDriving Business Agility with the Use of Open Source Software
Driving Business Agility with the Use of Open Source Software Speakers Peter Vescuso EVP of Marketing & Business Development Black Duck Software Melinda Ballou Program Director, Application Life-Cycle
More informationCentralized Secure Vault with Serena Dimensions CM
Centralized Secure Vault with Serena Dimensions CM A single artifact repository for development, quality and operations SOLUTION BRIEF Why Security and Software engineering We re a bank not a startup,
More informationManaging Open Source Code Best Practices
Managing Open Source Code Best Practices September 24, 2008 Agenda Welcome and Introduction Eran Strod Open Source Best Practices Hal Hearst Questions & Answers Next Steps About Black Duck Software Accelerate
More informationTools and Methods to Address Complexity at Scale
Tools and Methods to Address Complexity at Scale Avnet Services Software Engineering Business Unit Agile Services Avnet Services at a Glance Avnet Services by the numbers Capabilities PRACTICES Cloud Solutions
More informationBridging Development and Operations: The Secret of Streamlining Release Management
Bridging Development and Operations: The Secret of Streamlining Release Management Mark Levy, Product Manager Serena Software SERENA SOFTWARE INC. Release Management Goal Deploy application changes into
More informationKey Benefits of Microsoft Visual Studio Team System
of Microsoft Visual Studio Team System White Paper November 2007 For the latest information, please see www.microsoft.com/vstudio The information contained in this document represents the current view
More informationFAQ. CloudOne. Frequently Asked Doors Next Generation Questions. Do what you do best. We ll do the rest.
CloudOne FAQ Frequently Asked Doors Next Generation Questions Go to www.doorsng.com for a free 60- day trial. Do what you do best. We ll do the rest. CloudOne Corporation 9247 North Meridian Suite 222
More information2015 IBM Continuous Engineering Open Labs Target to better LEARNING
2015 IBM Continuous Engineering Open Labs Target to better LEARNING (NO COST - not a substitute for full training courses) Choose from one or more of these Self-Paced, Hands-On Labs: DMT 3722 - Learn to
More informationSerena Dimensions CM. Develop your enterprise applications collaboratively securely and efficiently SOLUTION BRIEF
Serena Dimensions CM Develop your enterprise applications collaboratively securely and efficiently SOLUTION BRIEF Move Fast Without Breaking Things With Dimensions CM 14, I am able to integrate continuously
More informationCARMEN DEARDO DEVOPS TECHNOLOGY LEADER, NATIONWIDE INSURANCE
CARMEN DEARDO DEVOPS TECHNOLOGY LEADER, NATIONWIDE INSURANCE THRIVING IN A DYNAMIC, HIGHLY-REGULATED WORLD 16+ MILLION POLICIES $195.2 BILLION IN ASSETS # 1 CORPORATE LIFE WRITER # 1 WRITER OF FARMOWNERS
More informationGlobal Delivery Excellence Best Practices for Improving Software Process and Tools Adoption. Sunil Shah Technical Lead IBM Rational
Global Delivery Excellence Best Practices for Improving Software Process and Tools Adoption Sunil Shah Technical Lead IBM Rational Agenda Organization s Challenges from a Delivery Perspective Introduction
More informationEnhance visibility into and control over software projects IBM Rational change and release management software
Enhance visibility into and control over software projects IBM Rational change and release management software Accelerating the software delivery lifecycle Faster delivery of high-quality software Software
More informationManaging FDA regulatory compliance with IBM Rational solutions
IBM Software Healthcare Rational Managing FDA regulatory compliance with IBM Rational solutions 2 Managing FDA regulatory compliance with IBM Rational solutions Executive summary Today s healthcare, life
More informationBest Practices for Building Mobile Web
Best Practices for Building Mobile Web and Hybrid Applications Mobile is the NEXT dominant phase of computing Mobile is different: Transformational business models Faster lifecycles More iterative Mobile/Wireless/Cloud
More informationS24 - Governance, Risk, and Compliance (GRC) Automation Siamak Razmazma
S24 - Governance, Risk, and Compliance (GRC) Automation Siamak Razmazma Governance, Risk, Compliance (GRC) Automation Siamak Razmazma Siamak.razmazma@protiviti.com September 2009 Agenda Introduction to
More informationMaking Compliance Work for You
white paper Making Compliance Work for You with application lifecycle management Rocket bluezone.rocketsoftware.com Making Compliance Work for You with Application Lifecycle Management A White Paper by
More informationOrchestrated. Release Management. Gain insight and control, eliminate ineffective handoffs, and automate application deployments
Orchestrated Release Management Gain insight and control, eliminate ineffective handoffs, and automate application deployments Solution Brief Challenges Release management processes have been characterized
More informationEnforcing IT Change Management Policy
WHITE paper Everything flows, nothing stands still. Heraclitus page 2 page 2 page 3 page 5 page 6 page 8 Introduction How High-performing Organizations Manage Change Maturing IT Processes Enforcing Change
More information2405 - Using Git with Rational Team Concert and Rational ClearCase in enterprise environments
2405 - Using Git with Rational Team Concert and Rational ClearCase in enterprise environments Bartosz Chrabski Executive IT Specialist WW Competitive Sales Team bartosz.chrabski@pl.ibm.com Peter Hack ClearCase
More informationAchieving Control: The Four Critical Success Factors of Change Management. Technology Concepts & Business Considerations
Achieving Control: The Four Critical Success Factors of Change Management Technology Concepts & Business Considerations T e c h n i c a l W H I T E P A P E R Table of Contents Executive Summary...........................................................
More informationAgile Development Calls for an Agile Suite Solution
d Agile Development Calls for an Agile Suite Solution Authored by: David A. Kelly and Heather Ashton Upside Research, Inc. www.upsideresearch.com Contents Executive Summary Agile development has been a
More informationFive CIO challenges addressed by better change management.
Enterprise change management White paper June 2009 Five CIO challenges addressed by better change management. Dominic Tavassoli, IBM Page 2 Contents 2 Introduction 2 Lower the cost of managing change and
More informationAn introduction to the benefits of Application Lifecycle Management
An introduction to the benefits of Application Lifecycle Management IKAN ALM increases team productivity, improves application quality, lowers the costs and speeds up the time-to-market of the entire application
More informationSOLUTION BRIEF: CA IT ASSET MANAGER. How can I reduce IT asset costs to address my organization s budget pressures?
SOLUTION BRIEF: CA IT ASSET MANAGER How can I reduce IT asset costs to address my organization s budget pressures? CA IT Asset Manager helps you optimize your IT investments and avoid overspending by enabling
More informationIncorporate CMMI with Corporate Governance Using Enterprise Software Change Management Solutions
Incorporate CMMI with Corporate Governance Using Enterprise Software Change Management Solutions Tim Ruzbacki, Sr. Process Consultant MKS Software Inc. 4 th Annual CMMI Technology Conference, Denver CO
More informationIMPROVING RISK VISIBILITY AND SECURITY POSTURE WITH IDENTITY INTELLIGENCE
IMPROVING RISK VISIBILITY AND SECURITY POSTURE WITH IDENTITY INTELLIGENCE ABSTRACT Changing regulatory requirements, increased attack surfaces and a need to more efficiently deliver access to the business
More informationHOW TO UTILIZE OPEN SOURCE IN YOUR CODE BASE AND BUILD PROCESS. 2015 Black Duck Software, Inc. All Rights Reserved.
HOW TO UTILIZE OPEN SOURCE IN YOUR CODE BASE AND BUILD PROCESS 2015 Black Duck Software, Inc. All Rights Reserved. TODAY S PRESENTERS Baruch Sadogursky JFrog Dave Gruber Black Duck 2 2015 Black Duck Software,
More informationEmptoris Contract Management Solution for Healthcare Providers
Emptoris Contract Management Solution for Healthcare Providers An Emptoris White Paper Emptoris, an IBM Company www.emptoris.com CMS-HP-4/12 Emptoris Contract Management Solution for Healthcare Providers
More informationModernizing enterprise application development with integrated change, build and release management.
Change and release management in cross-platform application modernization White paper December 2007 Modernizing enterprise application development with integrated change, build and release management.
More informationCrossing the DevOps Chasm
SOLUTION BRIEF Application Delivery Solutions from CA Technologies Crossing the DevOps Chasm Can improved collaboration and automation between Development and IT Operations deliver business value more
More informationORACLE ENTERPRISE GOVERNANCE, RISK, AND COMPLIANCE MANAGER FUSION EDITION
ORACLE ENTERPRISE GOVERNANCE, RISK, AND COMPLIANCE MANAGER FUSION EDITION KEY FEATURES AND BENEFITS Manage multiple GRC initiatives on a single consolidated platform Support unique areas of operation with
More informationSolutions for Quality Management in a Agile and Mobile World
Solutions for Quality Management in a Agile and Mobile World with IBM Rational Quality Management Solutions Realities can stall software-driven innovation Complexities in software delivery compounded by
More informationRegulatory Compliance Management for Energy and Utilities
Regulatory Compliance Management for Energy and Utilities The Energy and Utility (E&U) sector is transforming as enterprises are looking for ways to replace aging infrastructure and create clean, sustainable
More informationDO-178B compliance: turn an overhead expense into a competitive advantage
IBM Software Rational Aerospace and Defense DO-178B compliance: turn an overhead expense into a competitive advantage 2 DO-178B compliance: turn an overhead expense into a competitive advantage Contents
More informationagility made possible
SOLUTION BRIEF CA IT Asset Manager how can I manage my asset lifecycle, maximize the value of my IT investments, and get a portfolio view of all my assets? agility made possible helps reduce costs, automate
More informationLeveraging Sarbanes-Oxley (SOX) to Build Better Practices
Leveraging Sarbanes-Oxley (SOX) to Build Better Practices Powering Strategies and Managing Risks Using SOX compliance to build disciplined, repeatable, and auditable practices. Running a successful business
More informationSolving IT systems management and service management challenges with help of IBM Tivoli Overview
Solving IT systems management and service management challenges with help of IBM Tivoli Overview Ēriks Miķelsons Tivoli Product Sales Manager Baltic Countries October 10, 2007 Vilnius Innovation is the
More information5 Steps for a Winning Open Source Compliance Program
5 Steps for a Winning Open Source Compliance Program Kellan Ponikiewicz Peter Vescuso @black_duck_sw Black Duck 2013 Speakers Peter Vescuso EVP of Marketing Black Duck Software Kellan Ponikiewicz IP Counsel
More informationMoving from Paper to Electronic Records: Hardwiring Compliance into Product Development Using technology to incorporate quality system regulation
P T C. c o m White Paper Medical Devices Page 1 of 8 Moving from Paper to Electronic Records: Hardwiring Compliance into Product Development Using technology to incorporate quality system regulation Abstract
More informationEnabling Continuous Delivery by Leveraging the Deployment Pipeline
Enabling Continuous Delivery by Leveraging the Deployment Pipeline Jason Carter Principal (972) 689-6402 Jason.carter@parivedasolutions.com Pariveda Solutions, Inc. Dallas,TX Table of Contents Matching
More informationOPTIMUS SBR. Optimizing Results with Business Intelligence Governance CHOICE TOOLS. PRECISION AIM. BOLD ATTITUDE.
OPTIMUS SBR CHOICE TOOLS. PRECISION AIM. BOLD ATTITUDE. Optimizing Results with Business Intelligence Governance This paper investigates the importance of establishing a robust Business Intelligence (BI)
More informationTech-Clarity Insight: Top 5 Misconceptions about Innovation Management Software
Tech-Clarity Insight: Top 5 Misconceptions about Innovation Management Software Busting Myths to Improve Innovation, Time to Market, and Profitability Tech-Clarity, Inc. 2013. Table of Contents Executive
More informationSuccessfully managing geographically distributed development
IBM Rational SCM solutions for distributed development August 2004 Successfully managing geographically distributed development Karen Wade SCM Product Marketing Manager IBM Software Group Page 2 Contents
More informationThe following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material,
More informationHow To Manage An Open Source Software
Executive Briefing: Four Steps to Creating an Effective Open Source Policy Greg Olson Sr. Director OSS Management Olliance Group Speaker Greg Olson Sr. Director, Open Source Management Over 30 years of
More informationRealizing business flexibility through integrated SOA policy management.
SOA policy management White paper April 2009 Realizing business flexibility through integrated How integrated management supports business flexibility, consistency and accountability John Falkl, distinguished
More informationProductivity Through Open Source Policy Compliance
Productivity Through Open Source Policy Compliance This article is part of a series on how Rational Collaborative Lifecycle Management (CLM) solutions support software development compliance. Today the
More informationEnabling Data Quality
Enabling Data Quality Establishing Master Data Management (MDM) using Business Architecture supported by Information Architecture & Application Architecture (SOA) to enable Data Quality. 1 Background &
More informationDevOps: Development Challenges and New Approaches
DevOps: Development Challenges and New Approaches Chris Sharp STSM, Chief Architect SWG Europe DevOps IBM Master Inventor, Member of IBM Academy of Technology Agenda The Problem and the Need for Change
More informationNERC CIP VERSION 5 COMPLIANCE
BACKGROUND The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Reliability Standards define a comprehensive set of requirements that are the basis for maintaining
More informationCertified Identity and Access Manager (CIAM) Overview & Curriculum
Identity and access management (IAM) is the most important discipline of the information security field. It is the foundation of any information security program and one of the information security management
More informationLowering business costs: Mitigating risk in the software delivery lifecycle
August 2009 Lowering business costs: Mitigating risk in the software delivery Roberto Argento IBM Rational Business Development Executive Valerie Hamilton IBM Rational Solution Marketing Manager and Certified
More informationRealtests.M2140-648.67 questions M2140-648. IBM Rational IT Sales Mastery Test v2
Realtests.M2140-648.67 questions Number: M2140-648 Passing Score: 800 Time Limit: 120 min File Version: 5.0 M2140-648 IBM Rational IT Sales Mastery Test v2 I'm sure glad that I used it. Even though I knew
More informationBusiness Data Authority: A data organization for strategic advantage
Business Data Authority: A data organization for strategic advantage Collibra Data Governance Software Company Reference Customers Business Data Growth and Challenge TREND Exploding volume, velocity and
More informationIBM Maximo for Service Providers:
IBM Maximo for Service Providers: Internal and Shared Service Providers Angela C. Pitts Market Management for Service Providers apitts@us.ibm.com 2005 IBM Corporation Agenda Overview of Internal Service
More informationApplication Outsourcing: The management challenge
White Paper Application Outsourcing: The management challenge Embedding software quality management for mutual benefit Many large organizations that rely on mainframe applications outsource the management
More informationWhite Paper. An Overview of the Kalido Data Governance Director Operationalizing Data Governance Programs Through Data Policy Management
White Paper An Overview of the Kalido Data Governance Director Operationalizing Data Governance Programs Through Data Policy Management Managing Data as an Enterprise Asset By setting up a structure of
More informationApplication Lifecycle Management: Marriage of Business Management with Software Engineering
Application Lifecycle Management: Marriage of Business Management with Software Engineering Lovelesh Chawla, Robert F. Roggio School of Computing University of North Florida Jacksonville, FL Lovelesh.chawla@gmail.com
More informationOSS LOGISTICS: DRIVING INNOVATIVE SOFTWARE FROM DEVELOPER TO CUSTOMER Alex Bigmore Senior Architect & Open Source Governance Programme Manager SITA
OSS LOGISTICS: DRIVING INNOVATIVE SOFTWARE FROM DEVELOPER TO CUSTOMER Alex Bigmore Senior Architect & Open Source Governance Programme Manager SITA Phil Granof EVP & Chief Marketing Officer Black Duck
More informationXEROX TALKS BEST PRACTICES FOR OPEN SOURCE GOVERNANCE
XEROX TALKS BEST PRACTICES FOR OPEN SOURCE GOVERNANCE November 2014 2014 Black Duck Software, Inc. All Rights Reserved. SPEAKERS Phil Odence Vice President and General Manager Black Duck Software Robert
More informationSecurity management solutions White paper. IBM Tivoli and Consul: Facilitating security audit and compliance for heterogeneous environments.
Security management solutions White paper IBM Tivoli and Consul: Facilitating security audit and March 2007 2 Contents 2 Overview 3 Identify today s challenges in security audit and compliance 3 Discover
More informationDevelopment Testing for Agile Environments
Development Testing for Agile Environments November 2011 The Pressure Is On More than ever before, companies are being asked to do things faster. They need to get products to market faster to remain competitive
More informationChoosing the Right Project and Portfolio Management Solution
Choosing the Right Project and Portfolio Management Solution Executive Summary In too many organizations today, innovation isn t happening fast enough. Within these businesses, skills are siloed and resources
More informationThe Firewall Audit Checklist Six Best Practices for Simplifying Firewall Compliance and Risk Mitigation
The Firewall Audit Checklist Six Best Practices for Simplifying Firewall Compliance and Risk Mitigation Copyright, AlgoSec Inc. All rights reserved The Need to Ensure Continuous Compliance Regulations
More informationOutperform Financial Objectives and Enable Regulatory Compliance
SAP Brief Analytics s from SAP SAP s for Enterprise Performance Management Objectives Outperform Financial Objectives and Enable Regulatory Compliance Drive better decisions and streamline the close-to-disclose
More informationWhite Paper Achieving GLBA Compliance through Security Information Management. White Paper / GLBA
White Paper Achieving GLBA Compliance through Security Information Management White Paper / GLBA Contents Executive Summary... 1 Introduction: Brief Overview of GLBA... 1 The GLBA Challenge: Securing Financial
More informationIBM Rational systems and software solutions for the medical device industry
IBM Software August 2011 IBM Rational systems and software solutions for the medical device industry Improve processes, manage IEC 61508 and IEC 62304 standards, develop quality products Highlights Manage
More informationChallenges and Approaches in Global Development and Delivery
Challenges and Approaches in Global Development and Delivery Mats Göthe - mats.gothe@se.ibm.com Kathryn Fryer - fryerk@ca.ibm.com Solution Architects, Rational Green Thread Team IBM Rational Software Development
More informationDriving Innovation with Open Source A View from the Automotive Industry. BearingPoint Black Duck Software
Driving Innovation with Open Source A View from the Automotive Industry BearingPoint Black Duck Software Speakers Phil Odence VP of Business Development Black Duck Software Claus-Peter Wiedemann Senior
More informationFor Infrastructure & Operations Professionals
Case Study: AMERICAN SYSTEMS Demonstrates The Value Of Business Service Management From Reactive To Proactive: Using Service Management To Leverage Integrated Event Correlation Executive Summary by Evelyn
More informationThe Value of Vulnerability Management*
The Value of Vulnerability Management* *ISACA/IIA Dallas Presented by: Robert Buchheit, Director Advisory Practice, Dallas Ricky Allen, Manager Advisory Practice, Houston *connectedthinking PwC Agenda
More informationHow To Ensure Financial Compliance
Evolving from Financial Compliance to Next Generation GRC Gary Prince Principal Solution Specialist - GRC Agenda Business Challenges Oracle s Leadership in Governance, Risk and Compliance Solution Overview
More informationShifting Enterprise Development into the Fast Lane
Shifting Enterprise Development into the Fast Lane DevOps for Enterprise Systems to transform your software delivery capability and deliver business value ibm.com/devops SHARE Orlando Fl 2015 Presented
More informationAddressing IT governance, risk and compliance (GRC) to meet regulatory requirements and reduce operational risk in financial services organizations
White Paper September 2009 Addressing IT governance, risk and compliance (GRC) to meet regulatory requirements and reduce operational risk in financial services organizations Page 2 Contents 2 Executive
More informationIntegrating Project Management and Service Management
Integrating Project and Integrating Project and By Reg Lo with contributions from Michael Robinson. 1 Introduction Project has become a well recognized management discipline within IT. is also becoming
More informationInformation & Asset Protection with SIEM and DLP
Information & Asset Protection with SIEM and DLP Keeping the Good Stuff in and the Bad Stuff Out Professional Services: Doug Crich Practice Leader Infrastructure Protection Solutions What s driving the
More informationRequirements Management im Kontext von DevOps
IBM Software Group Rational software Requirements Management im Kontext von DevOps DI Steindl Wolfgang https://www.xing.com/profiles/wolfgang_steindl Senior IT Specialist wolfgang.steindl@at.ibm.com http://lnkd.in/tpzrug
More informationBringing agility to Business Intelligence Metadata as key to Agile Data Warehousing. 1 P a g e. www.analytixds.com
Bringing agility to Business Intelligence Metadata as key to Agile Data Warehousing 1 P a g e Table of Contents What is the key to agility in Data Warehousing?... 3 The need to address requirements completely....
More informationE-commerce and Agile Cycle
Agile ALM: Oxymoron No More AgileCycle Review By: Uttam Narsu The Problem with Agile Tools A decade ago, most agile practitioners scoffed at the idea of agile tools. Traditional development and project
More informationPractical Approaches to Achieving Sustainable IT Governance
Practical Approaches to Achieving Sustainable IT Governance Beyond Mandates: Getting to Sustainable IT Governance Best Practices Agenda IT Governance Definition IT Governance Principles IT Governance Decisions
More informationReal-Time Security for Active Directory
Real-Time Security for Active Directory Contents The Need to Monitor and Control Change... 3 Reducing Risk and Standardizing Controls... 3 Integrating Change Monitoring... 4 Policy Compliance... 4 The
More informationScanning Open Source Software and Managing License Obligations on IBM SmartCloud. Because code travels
Scanning Open Source Software and Managing License Obligations on IBM SmartCloud Because code travels 1 Webinar Agenda Protecode & IBM SmartCloud Company IBM Partnership Solutions Managing Code Obligations
More informationState of Oregon. State of Oregon 1
State of Oregon State of Oregon 1 Table of Contents 1. Introduction...1 2. Information Asset Management...2 3. Communication Operations...7 3.3 Workstation Management... 7 3.9 Log management... 11 4. Information
More informationCA Oblicore Guarantee for Managed Service Providers
PRODUCT SHEET CA Oblicore Guarantee for Managed Service Providers CA Oblicore Guarantee for Managed Service Providers Value proposition CA Oblicore Guarantee is designed to automate, activate and accelerate
More informationCA HalvesThe Cost Of Testing IT Controls For Sarbanes-Oxley Compliance With Unified Processes.
TECHNOLOGY BRIEF: REDUCING COST AND COMPLEXITY WITH GLOBAL GOVERNANCE CONTROLS CA HalvesThe Cost Of Testing IT Controls For Sarbanes-Oxley Compliance With Unified Processes. Table of Contents Executive
More informationAn Oracle White Paper January 2010. Access Certification: Addressing & Building on a Critical Security Control
An Oracle White Paper January 2010 Access Certification: Addressing & Building on a Critical Security Control Disclaimer The following is intended to outline our general product direction. It is intended
More informationWhite Paper Software Quality Management
White Paper What is it and how can it be achieved? Successfully driving business value from software quality management is imperative for many large organizations today. Historically, many Quality Assurance
More informationAu t o n o m i c s - Ap p l i e d Ap p l i c a t i o n M a n agement
I D C T E C H N O L O G Y S P O T L I G H T Au t o n o m i c s - Ap p l i e d Ap p l i c a t i o n M a n agement October 2015 Sponsored by Capgemini Expectations on delivering business value from application
More informationSarbanes-Oxley: Beyond. Using compliance requirements to boost business performance. An RIS White Paper Sponsored by:
Beyond Sarbanes-Oxley: Using compliance requirements to boost business performance The business regulatory environment in the United States has changed. Public companies have new obligations to report
More informationDriving Your Business Forward with Application Life-cycle Management (ALM)
Driving Your Business Forward with Application Life-cycle Management (ALM) Published: August 2007 Executive Summary Business and technology executives, including CTOs, CIOs, and IT managers, are being
More informationInnovations in Pharma Sales Operations
Innovations in Pharma Sales Operations Sales Ops Importance in Pharma Pharmaceutical organizations are going through fundamental restructuring. They are facing changing regulations, intense cost pressure,
More informationAgenda. How Process & Decision Management Help to Increase Business Value? WebSphere Business Process Management
提 升 企 業 營 運 價 值 即 時 行 銷 及 時 調 校 企 業 體 質 高 效 優 化 Katrina Li WebSphere Client Technical Professional yili@tw.ibm.com Agenda How Process & Decision Management Help to Increase Business Value? WebSphere Business
More informationSan Francisco Chapter. Cassius Downs Network Edge LLC
Cassius Downs Network Edge LLC ITIL History ITIL Books V3 Objectives Business Benefits of V3 V3 Changes Training & Certification V2 or V3? Summary 2 The 12 Rules 1. EXERCISE Rule #1: Exercise boosts brain
More information