Compliance Management Solutions

IBM provides comprehensive services, software and hardware to assist enterprises in addressing the complexities and growing costs of IT security risk management and compliance. This involves identifying and prioritizing the strategic objectives and managing the business across people, processes, information and technology to realize those objectives. These solutions represent capabilities that support the entire lifecycle in assessing, planning, implementing, monitoring and maintaining enterprise compliance.

IBM Compliance Management solutions offer comprehensive capabilities for:

• Assessment, analysis and risk management
• Identifying and prioritizing strategic objectives
• Automating security compliance policy with internal controls
• Monitoring and reporting for regulatory compliance

Security compliance support covers a wide range of industry and governmental regulations and standards including PCI, FISMA, Basel II, SOX, HIPAA and ISO 27001.

Products and services:

• IBM Tivoli Security Information and Event Manager

  centralizes security information and event and compliance policy management providing visibility to the enterprise-wide security posture. It includes centralized log management, event correlation, a policy compliance dashboard and comprehensive reporting capabilities.

• IBM Tivoli Security Policy Manager

  delivers next generation, standards-based security management to help reduce complexity and cost of securing access to applications and web services in heterogeneous IT and SOA environments

• IBM Tivoli® Key Lifecycle Manager

  helps IT organizations better manage the encryption key lifecycle by allowing them to simplify, centralize, automate and strengthen key management processes across the computing environment.

• IBM Tivoli Security Compliance Manager

  protects businesses against vulnerable and out-dated software configurations by identifying security vulnerabilities and security policy violations for small, medium and large businesses.

• IBM Tivoli zSecure suite

  improves organizations’ ability to facilitate security compliance, monitor and audit incidents and automate routine administrative tasks for the mainframe.

• IBM Rational AppScan

  provides automated Web application scanning and testing for common vulnerabilities including WASC threat classification – such as SQL-injection, cross-site scripting, cross-site request forgery and buffer overflow – and intelligent fix recommendations to ease remediation.

• IBM Rational Policy Tester

  is a leading automated online compliance solution to assess quality, privacy, and accessibility compliance issues across corporate Web properties.

• IBM's Privacy Strategy and Implementation Service

  will help you become aware of the privacy implications for your business as well as plan and execute responsible practices that meet or exceed emerging worldwide standards for managing personal information.

• IBM's one-day Privacy Workshop

  is designed to help companies understand these new challenges and develop management plans to meet them. Sound privacy practices, both business and technical, will need to be put in place to maintain the privacy of your customers personal information. The best way to address your business needs is to develop an organization-wide privacy strategy.

• IBM's Security Health Check

  will identify both strengths and weaknesses in your organization's IT security controls. When you are aware of the business exposures resulting from inadequate security controls, you can begin to implement improved controls and also establish the processes that are required to ensure that the controls are effective.

• IBM's Security Policy Definition

  investigates the requirements for information security, the associated priorities and, thereafter, creates a custom security policy to clearly demonstrate management's commitment to an enterprise security program.

• IBM's Security Process Assessment

  will identify both strengths and weaknesses in your organization's IT security processes. When you are aware of the business exposures resulting from ineffective and inefficient security processes, you can begin to implement the changes that will provide the level of protection your business needs.

• IBM's Security Process Development Service

  will help you define and document the processes which enable your security objectives to be realized. The processes will be developed based on your organization's predefined information security standards or a standards-based code of practice.

• IBM's Security Product Selection

  systematically develops the total requirements that are important to your organization and analyzes them against available industry solutions in order to recommend the technical solutions that best fit the needs of your business, for the short and long term.

• IBM's Security Standards Definition

  investigates the requirements for information security, the associated priorities, and thereafter, creates custom security standards to serve as the cornerstones which direct the day to day operations of your security program.

• IBM's one-day Security Workshop

  is designed to help you understand how your connections to the outside world are being used, these connections create new security challenges which require different approaches to security than those which may have worked in the past. and develop your own management plans to meet them.

• IBM Proventia Network Scanner

  helps reduce network security risk by accurately identifying, prioritizing, tracking and reporting network vulnerabilities all while saving time through automated and continuous scanning.

• IBM Proventia Network Intrusion Prevention Systems (IPS)

  can help enterprises meet compliance requirements and protect valuable business data, but network administrators cannot tolerate the negative impact many traditional security appliances have on the network. The solution requires network performance and availability with advanced threat protection.

• IBM Internet Security Systems Regulatory Compliance Services

  are assessments based on integrated, end-to-end processes that are designed to encompass key aspects of security planning, management, and compliance reporting. These services can help you meet the requirements of these common regulations and standards: California Senate Bill No. 1386, FISMA, Gramm-Leach-Bliley Act, HIPAA, Payment Card Industry (PCI), Sarbanes-Oxley Act, SCADA Systems

• Federal Information Security Management Act (FISMA) Compliance

  solution helps Federal agencies evaluate your security posture against published requirements and best practices.

• IBM Information Security Assessment

  provides a comprehensive evaluation of your security posture. Understanding your current security state is an integral step to securing your sensitive data and meeting regulatory requirements.

• IBM Payment Card Industry (PCI) Assessment Service

  helps you determine your level of compliance with PCI, as well as validate your adherence to PCI requirements. This service includes pre-assessment testing and remediation, annual onsite PCI assessment with report on compliance (ROC), quarterly scanning services, penetration testing, and application security assessment for payment application providers.

• IBM Penetration Testing Services

  helps you discover the vulnerabilities in your information security. Our security experts validate your existing security controls and quantify real-world risks by conducting demonstrations of covert and hostile activities typical of network attacks in a safe and controlled exercise.

• IBM SCADA Security Assessment

  offers a comprehensive approach to SCADA security. Experienced SCADA security consultants assess and analyze the vulnerabilities of your SCADA systems. Then, gap assessment and remediation work can be performed, including the deployment of industry-leading preemptive security technologies that can protect your SCADA networks.