© 2012 IBM Corporation IBM Institute for Business Value 1 Security Intelligence and Compliance Analytics 2012 Global CEO Study Capability Alignment

© 2012 IBM Corporation IBM Institute for Business Value 2 CIOs will play a critical role in supporting their CEOs’ drive to create value through employees, customers and partners  Enabling social business with enhanced employee collaboration tools  Supporting the mobile workforce with secure anywhere, anytime, any device access  Improving communications efficiency with unified communications  Partnering with the CMO by providing analytics tools to improve customer insight and understanding and automating essential marketing processes  Building the information infrastructure to support analytics and the ability to manage Big Data  Expanding the digital footprint with mobile applications and access so customers can engage from any device and place at any time  Enabling cloud-based business models with the right cloud implementation (private, public, hybrid)  Supporting broader collaboration and real-time communications with partners  Linking outsourced business processes to in-house systems and delivery

© 2012 IBM Corporation IBM Institute for Business Value 3 CIOs will support the broad CEO agenda with enabling IT solutions delivered efficiently and securely Supporting the CEO Agenda with enabling IT solutions  Delivering IT services efficiently and effectively by optimizing IT including cloud delivery models  Supporting advanced analytics to deliver insights and manage “Big Data” with storage and information management optimization  Establishing enhanced security to protect vital enterprise information as the mobile access expands the security perimeter expands beyond the data center

© 2012 IBM Corporation IBM Institute for Business Value 4 The world is becoming more digitized and interconnected, opening the door to emerging threats and leaks… Organizations continue to move to new platforms including cloud, virtualization, mobile, social business and more EVERYTHING IS EVERYWHERE With the advent of Enterprise 2.0 and social business, the line between personal and professional hours, devices and data has disappeared CONSUMERIZATION OF IT The age of Big Data – the explosion of digital information – has arrived and is facilitated by the pervasiveness of applications accessed from everywhere DATA EXPLOSION The speed and dexterity of attacks has increased coupled with new motivations from cyber crime to state sponsored to terror inspired ATTACK SOPHISTICATION …making security a top concern, from the boardroom down

© 2012 IBM Corporation IBM Institute for Business Value 5 Cyber impacts have been increasing in size, scope

© 2012 IBM Corporation IBM Institute for Business Value 6 Security challenges are impacting innovation  Cyber attacks  Organized crime  Corporate espionage  State-sponsored attacks  Social engineering External threats Sharp rise in external attacks from non-traditional sources  Administrative mistakes  Careless inside behavior  Internal breaches  Disgruntled employee actions  Mix of private / corporate data Internal threats Ongoing risk of careless and malicious insider behavior  National regulations  Industry standards  Local mandates Compliance Growing need to address an increasing number of mandates MobilityCloud / VirtualizationSocial Business Impacting innovation Business Intelligence

© 2012 IBM Corporation IBM Institute for Business Value 7 The impact of a breach is no longer contained in IT, but reverberates across the corporation *Source: Discussions with more than 13,000 C-suite executives as part of the IBM C-suite Study Series CxO priority Security risks Potential impact CEO Maintain competitive differentiation Misappropriation of intellectual property Misappropriation of business sensitive data Loss of market share and reputation Legal exposure CFO/COO Comply with regulations Failure to address regulatory requirements Audit failure Fines and criminal charges Financial loss CIO Expand use of mobile devices Data proliferation Unsecured endpoints and inappropriate access Loss of data confidentiality, integrity and/or availability CHRO Enable global labor flexibility Release of sensitive data Careless insider behavior Violation of employee privacy CMO Enhance the brand Stolen personal information from customers or employees Loss of customer trust Loss of brand reputation Increasingly, companies are appointing CROs and CISOs with a direct line to the Audit Committee

© 2012 IBM Corporation IBM Institute for Business Value 8 In this “new normal”, organizations need an intelligent view of their security posture Security Intelligence Proficient Proactive Automated Manual Reactive Proficient Basic Optimized Optimized Organizations use predictive and automated security analytics to drive toward security intelligence Proficient Security is layered into the IT fabric and business operations Basic Organizations employ perimeter protection, which regulates access and feeds manual reporting

© 2012 IBM Corporation IBM Institute for Business Value 9 IBM Security delivers intelligence, integration and expertise across a comprehensive framework Intelligence ● Integration ● Expertise  Only vendor in the market with end-to- end coverage of the security foundation  6K+ security engineers and consultants  Award-winning X-Force ® research  Largest vulnerability database in the industry IBM Security Solutions

© 2012 IBM Corporation IBM Institute for Business Value 10 Increased Awareness and Accuracy  Prevent advanced threats with real-time intelligence correlation across security domains  Increase situational awareness by leveraging real-time feeds of X-Force Research and Global Threat Intelligence across IBM Global Managed Security Operations Centers, IBM security products, such as QRadar SIEM, Network Security appliances, and IBM Managed Security Services  Conduct complete incident investigations with unified identity, database, network and endpoint activity monitoring and log management Ease of Management  Simplify risk management and decision-making with IBM Security governance services and products  Enhance auditing and access capabilities by sharing Identity context across multiple IBM security products  Build automated, customized application protection using IBM security products and managed security services Reduced Cost and Complexity  Deliver faster deployment, increased value and lower TCO by working with a single strategic partner Think Integration: Increasing Security, Collapsing Silos, and Reducing Complexity

© 2012 IBM Corporation IBM Institute for Business Value 11 Unmatched Global Coverage & Security Awareness  20,000+ devices under contract  3,700+ MSS clients worldwide  9B+ events managed per day  1,000+ security patents*  133 monitored countries (MSS)  20,000+ devices under contract  3,700+ MSS clients worldwide  9B+ events managed per day  1,000+ security patents*  133 monitored countries (MSS) Worldwide Managed Security Services Coverage Security Operations Centers Security Research Centers Security Solution Development Centers Institute for Advanced Security Branches

© 2012 IBM Corporation IBM Institute for Business Value 12 Getting started: Security Risk Assessment IT GRC People Data Applications Infrastructure Managed Services Business Challenge Need to Identify and mitigate security risks and breaches to protect critical business information Need to reduce costs and complexity of security management initiatives Need to manage compliance with regulatory requirements Our customizable security risk assessment is designed to review your existing security infrastructure and provide a prioritized plan to help strengthen and streamline with security intelligence. Click here to find out more… Click here to find out more… Improves understanding of business risk due to weaknesses of information security controls Helps identify security risks with a comprehensive assessment of your existing security program with actionable recommendations for mitigation Facilitates reduced costs and complexity of security management while supporting new business initiatives Value Delivered

© 2012 IBM Corporation IBM Institute for Business Value 13 For more information Global (SWG) Vice President: Kent BlossomKent Blossom (Services) Vice President Marisa ViverosMarisa Viveros (GBS) S&P Leader: John W LainhartJohn W Lainhart Japan (SWG) Hideo WadaHideo Wada (Sales - Services) Shohichi S HonmaShohichi S Honma (GBS – Sales) Masaharu ItoiMasaharu Itoi NA (Sales -Services) Chris Esemplare Chris Esemplare (SWG – Canada) Michael CoroneosMichael Coroneos (GBS) Partner: Nichola TiesengaNichola Tiesenga (GBS) Partner: Nev ZunicNev Zunic MEA (Sales - Services) Mahmoud El KordyMahmoud El Kordy Sales – SWG) Joe RuthvenJoe Ruthven AP (Sales - Services) Martin BiggsMartin Biggs CEE (Sales - Services) Lukas MulleLukas Mulle LA (Sales - Services) Pablo RebolledoPablo Rebolledo GMU (SWG) Roman TumaRoman Tuma (GBS – India GD) Anish Srivastava Anish Srivastava NE (Sales - Services) Marcus Schmid Marcus Schmid (SWG – UKI) Matthew Middleton-LealMatthew Middleton-Leal (GBS – Europe Sales) Roger GateRoger Gate SW (Sales - Services) Rodrigo NaranjoRodrigo Naranjo (SWG – Italy) Giovanni Todaro Giovanni Todaro (GBS – Germany Sales) Marc AlbrechtMarc Albrecht For Internal Enablement Only Links to additional enablement materials IBM Security – Security IntelligenceIBM Security – Security Intelligence. (SWG) IBM Security ServicesIBM Security Services (GTS) IBM Security: ProductsIBM Security: Products. (SWG) IBM Security Risk Assessment – Offering KitIBM Security Risk Assessment – Offering Kit (GTS) Enterprise IT Security Risk Assessment – Offering KitEnterprise IT Security Risk Assessment – Offering Kit (GBS)

© 2012 IBM Corporation IBM Institute for Business Value 14 Enterprise IT Security Risk Assessment Achieving successful enterprise wide security with an integrated approach Managed Services © 2012 IBM Corporation The IBM Enterprise IT Security Risk Assessment is focused on ensuring that the enterprise’s people, data, applications are adequately and cost effectively protected, fulfilling compliance mandates using analytics based approach and continuous improvement. People & Identity Application & Process Governance, Risk & Compliance Data & Information 1. Assess Understand the current and desired levels of security controls 2. Analyze 3. Plan & Roadmap Identify risk exposure by mapping these levels against business objectives and industry best practices Develop a plan and prioritized roadmap for eliminating risks based on business impact 4. Continuous Improvement Implement risk based predictive cyber threat analytics to optimize security controls & facilitate continuous improvement Manage risks through continuous improvement Client Participation C-Suite, LOB, IT C-Suite, LOB, CIO CIO, IT