IBM provides comprehensive services, software and hardware to assist enterprises in addressing the complexities and growing costs of IT security risk management and compliance. This involves identifying and prioritizing the strategic objectives and managing the business across people, processes, information and technology to realize those objectives. These solutions represent capabilities that support the entire lifecycle in assessing, planning, implementing, monitoring and maintaining enterprise compliance.
IBM Compliance Management solutions offer comprehensive capabilities for:
- Assessment, analysis and risk management
- Identifying and prioritizing strategic objectives
- Automating security compliance policy with internal controls
- Monitoring and reporting for regulatory compliance
Security compliance support covers a wide range of industry and governmental regulations and standards including PCI, FISMA, Basel II, SOX, HIPAA and ISO 27001.
Products and services:
- IBM Tivoli Security Information and Event Manager
centralizes security information and event management and compliance policy management, providing visibility into the enterprise-wide security posture. It includes centralized log management, event correlation, a policy compliance dashboard and comprehensive reporting capabilities.
- IBM Tivoli Security Policy Manager
delivers next-generation, standards-based security management to help reduce the complexity and cost of securing access to applications and web services in heterogeneous IT and SOA environments.
- IBM Tivoli® Key Lifecycle Manager
helps IT organizations better manage the encryption key lifecycle by allowing them to simplify, centralize, automate and strengthen key management processes across the computing environment.
- IBM Tivoli Security Compliance Manager
protects businesses against vulnerable and outdated software configurations by identifying security vulnerabilities and security policy violations for small, medium and large businesses.
- IBM Security zSecure suite (formerly known as IBM Tivoli zSecure suite)
improves organizations’ ability to facilitate security compliance, monitor and audit incidents and automate routine administrative tasks for the mainframe.
- IBM Rational AppScan
provides automated Web application scanning and testing for common vulnerabilities in the WASC threat classification, such as SQL injection, cross-site scripting, cross-site request forgery and buffer overflow, along with intelligent fix recommendations to ease remediation.
- IBM Rational Policy Tester
is a leading automated online compliance solution to assess quality, privacy, and accessibility compliance issues across corporate Web properties.
- IBM Proventia Network Scanner
helps reduce network security risk by accurately identifying, prioritizing, tracking and reporting network vulnerabilities all while saving time through automated and continuous scanning.
- IBM Internet Security Systems Regulatory Compliance Services
are assessments based on integrated, end-to-end processes that are designed to encompass key aspects of security planning, management, and compliance reporting. These services can help you meet the requirements of these common regulations and standards: California Senate Bill No. 1386, FISMA, Gramm-Leach-Bliley Act, HIPAA, Payment Card Industry (PCI), Sarbanes-Oxley Act and SCADA Systems.
- Federal Information Security Management Act (FISMA) Compliance
solution helps Federal agencies evaluate their security posture against published requirements and best practices.
- IBM Information Security Assessment
provides a comprehensive evaluation of your security posture. Understanding your current security state is an integral step to securing your sensitive data and meeting regulatory requirements.
- IBM Payment Card Industry (PCI) Assessment Service
helps you determine your level of compliance with PCI, as well as validate your adherence to PCI requirements. This service includes pre-assessment testing and remediation, annual onsite PCI assessment with report on compliance (ROC), quarterly scanning services, penetration testing, and application security assessment for payment application providers.
- IBM Penetration Testing Services
helps you discover the vulnerabilities in your information security. Our security experts validate your existing security controls and quantify real-world risks by conducting demonstrations of covert and hostile activities typical of network attacks in a safe and controlled exercise.
- IBM SCADA Security Assessment
offers a comprehensive approach to SCADA security. Experienced SCADA security consultants assess and analyze the vulnerabilities of your SCADA systems. Then, gap assessment and remediation work can be performed, including the deployment of industry-leading preemptive security technologies that can protect your SCADA networks.
White Paper
Enabling sustainable compliance management across the organization.
This paper discusses how IBM services, software and hardware security expertise can help organizations drive enterprise IT security and compliance.
Solution Sheets
- Provide access control with innovative solutions from IBM (450KB)
- Manage user identities efficiently to help increase administrator and user productivity, while facilitating compliance initiatives (468KB)
- Facilitate HIPAA compliance efforts and improve user access controls with IBM security solutions. (708KB)

