Presentation is loading. Please wait.

Presentation is loading. Please wait.

IBM GTS Storage Security and Compliance overview.

Published byMarijana Horvat Modified over 5 years ago

Similar presentations

Presentation on theme: "IBM GTS Storage Security and Compliance overview."— Presentation transcript:

1 IBM GTS Storage Security and Compliance overview

2 Security Compliance Risk Management & Testing SUMMARY
IBM has implemented a range of security control elements: identification; authentication; authorization; information protection and confidentiality; service integrity and availability; activity auditing; assurance; security incident reporting and management; and physical access controls Security A series of internal tests and metrics used to assess, validate and identify issues against agreed standards : ID Management Firmware management Inventory control Health Checking Compliance Underpinning security and compliance is risk based approach to address issues and series of indepth independent tests that all IBM accounts are periodically subjected to Internal Audits & Business Controls Reviews Process Testing Regulatory Reviews – if applicable Risk Management & Testing S C RM Security and Compliance – protect, test and validate

3 Security and Compliance – protect, test and validate
IBM IT SECURITY POLICY STANDARDS SUMMARY Technical measures to address propagation or execution of unapproved code (e.g., viruses and other malware) on a prescribed, prioritized schedule Regular vulnerability scans and penetration testing Security advisory actions and issues to be remediate on a timely basis, based on a classification of severity Technical controls designed to prevent denial of service attacks Specific security measures for remote access to IBM internal systems from outside the logical firewall, including a mandatory VPN client Specifications for devices to be registered in a database used for control and audit purposes Requirement to undergo security health checks prior to initial service activation and as per a mandated check schedule NOTE: There are some additional controls that are not relevant to storage Security and Compliance – protect, test and validate

4 Security and Compliance – protect, test and validate
IBM GTS STORAGE MANAGEMENT PROCESS Required to deliver a secure and efficient storage services Consists of 3 main task based areas: Handle updates of storage environment Delivering a secure and efficient storage service in Business as usual Handling of Storage vendor alerts or other global directions Supporting standards and guidance areas acting as primary controls - Firmware Management Microcode strategy/Code Currency Security Vulnerability services Technical Specifications Inventory Management Issue Management Health Checking Identity and Access Management Security and Compliance – protect, test and validate

5 Security and Compliance – protect, test and validate
IBM GTS STORAGE COMPLIANCE PROGRAM SUMMARY Series of secondary controls tests performed periodically on all IBM GTS Storage account to: Validate conformity to process, standards and client requirements Examine non compliance issues and drive remediation Identify opportunities for continous improvement Support the evaluation of business risks Testing is conducted in the following areas: User Id revalidation Health Checks Inventory validation Firmware currency Security vulnerability enrollment Build & Decommission Additionally, there is custom testing commissioned based on client request Security and Compliance – protect, test and validate

6 IBM GTS IT RISK MANAGEMENT SUMMARY
IBM IT Risk Management provides the oversight and framework for managing information security risks and noncompliance issues where IBM GTS provides services to customers Core areas are: Means to identify, analyze and evaluate the risks Determine the appropriate treatment Deliverables from this area are: Root Cause Analysis (RCA) guidance Framework for Customer Threat Management (CTM) Method that GTS uses for Risk Assessment and Response (RAaR) Security and Compliance – protect, test and validate

7 Questions Steve Biles: Steve Biles/Sweden/IBM

8 USEN-01

Download ppt "IBM GTS Storage Security and Compliance overview."

Similar presentations

Dr Lami Kaya LamiKaya@gmail.com ISO 27001 Information Security Management System (ISMS) Certification Overview Dr Lami Kaya LamiKaya@gmail.com.

Dr Lami Kaya ISO Information Security Management System (ISMS) Certification Overview Dr Lami Kaya
Notes: Update as of 1/13/2010. Vulnerabilities are included for SQL Server 2000, SQL Server 2005, SQL Server 2008. Oracle (8i, 9i, 9iR2, 10g, 10gR2,11g),

Notes: Update as of 1/13/2010. Vulnerabilities are included for SQL Server 2000, SQL Server 2005, SQL Server Oracle (8i, 9i, 9iR2, 10g, 10gR2,11g),
© 2008 Cisco Systems, Inc. All rights reserved.Cisco Confidential 14854_10_2008_c1 1 Holistic Approach to Information Security Greg Carter, Cisco Security.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco Confidential 14854_10_2008_c1 1 Holistic Approach to Information Security Greg Carter, Cisco Security.
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
Summer 200811 IAVA1 NATIONAL INFORMATION ASSURANCE TRAINING STANDARD FOR SYSTEM ADMINISTRATORS (SA) Minimum.

Summer IAVA1 NATIONAL INFORMATION ASSURANCE TRAINING STANDARD FOR SYSTEM ADMINISTRATORS (SA) Minimum.
Security Controls – What Works

Security Controls – What Works
Information Security Policies and Standards

Information Security Policies and Standards
August 9, 2005 UCCSC -- 2005 IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.

August 9, 2005 UCCSC IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.
1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.

1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Stephen S. Yau CSE 465-591, Fall 2006 1 Security Strategies.

Stephen S. Yau CSE , Fall Security Strategies.
Chapter 7 Database Auditing Models

Chapter 7 Database Auditing Models
Internal Auditing and Outsourcing

Internal Auditing and Outsourcing
Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.

Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.
Chapter 20 20-1 © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.
Agenda  Introduce key concepts in information security from the practitioner’s viewpoint.  Discuss identifying and prioritizing information assets through.

Agenda  Introduce key concepts in information security from the practitioner’s viewpoint.  Discuss identifying and prioritizing information assets through.
INFORMATION SECURITY GOVERNANCE (ISG) Relates to the security of information systems Is an element of corporate governance.

INFORMATION SECURITY GOVERNANCE (ISG) Relates to the security of information systems Is an element of corporate governance.
NUAGA May 22, 2014.  IT Specialist, Utah Department of Technology Services (DTS)  Assigned to Department of Alcoholic Beverage Control  PCI Professional.

NUAGA May 22,  IT Specialist, Utah Department of Technology Services (DTS)  Assigned to Department of Alcoholic Beverage Control  PCI Professional.
No one questions that Microsoft can write great software. Customers want to know if we can be innovative, scalable, reliable in the cloud. (1996) 450M+

No one questions that Microsoft can write great software. Customers want to know if we can be innovative, scalable, reliable in the cloud. (1996) 450M+
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.

Similar presentations

Ads by Google