IBM GTS Storage Security and Compliance overview.


1 IBM GTS Storage Security and Compliance overview

2 Security, Compliance, Risk Management & Testing SUMMARY

Security
IBM has implemented a range of security control elements: identification; authentication; authorization; information protection and confidentiality; service integrity and availability; activity auditing; assurance; security incident reporting and management; and physical access controls.

Compliance
A series of internal tests and metrics used to assess, validate and identify issues against agreed standards:
- ID Management
- Firmware management
- Inventory control
- Health Checking

Risk Management & Testing
Underpinning security and compliance is a risk-based approach to address issues and a series of in-depth independent tests that all IBM accounts are periodically subjected to:
- Internal Audits & Business Controls Reviews
- Process Testing
- Regulatory Reviews – if applicable

Security and Compliance – protect, test and validate

3 IBM IT SECURITY POLICY STANDARDS SUMMARY

- Technical measures to address propagation or execution of unapproved code (e.g., viruses and other malware) on a prescribed, prioritized schedule
- Regular vulnerability scans and penetration testing
- Security advisory actions and issues to be remediated on a timely basis, based on a classification of severity
- Technical controls designed to prevent denial of service attacks
- Specific security measures for remote access to IBM internal systems from outside the logical firewall, including a mandatory VPN client
- Specifications for devices to be registered in a database used for control and audit purposes
- Requirement to undergo security health checks prior to initial service activation and as per a mandated check schedule

NOTE: There are some additional controls that are not relevant to storage.

4 IBM GTS STORAGE MANAGEMENT PROCESS

Required to deliver a secure and efficient storage service.

Consists of 3 main task-based areas:
- Handle updates of storage environment
- Delivering a secure and efficient storage service in Business as usual
- Handling of Storage vendor alerts or other global directions

Supporting standards and guidance areas acting as primary controls:
- Firmware Management
- Microcode strategy/Code Currency
- Security Vulnerability services
- Technical Specifications
- Inventory Management
- Issue Management
- Health Checking
- Identity and Access Management

5 IBM GTS STORAGE COMPLIANCE PROGRAM SUMMARY

Series of secondary control tests performed periodically on all IBM GTS Storage accounts to:
- Validate conformity to process, standards and client requirements
- Examine non-compliance issues and drive remediation
- Identify opportunities for continuous improvement
- Support the evaluation of business risks

Testing is conducted in the following areas:
- User ID revalidation
- Health Checks
- Inventory validation
- Firmware currency
- Security vulnerability enrollment
- Build & Decommission

Additionally, there is custom testing commissioned based on client request.

6 IBM GTS IT RISK MANAGEMENT SUMMARY
IBM IT Risk Management provides the oversight and framework for managing information security risks and noncompliance issues where IBM GTS provides services to customers.

Core areas are:
- Means to identify, analyze and evaluate the risks
- Determine the appropriate treatment

Deliverables from this area are:
- Root Cause Analysis (RCA) guidance
- Framework for Customer Threat Management (CTM)
- Method that GTS uses for Risk Assessment and Response (RAaR)

7 Questions Steve Biles: Steve Biles/Sweden/IBM

8 USEN-01

