| Number | Key | Space | Headline | Date |
|---|---|---|---|---|
| 1. | | | In this IBM® Redguide™ publication, we first explore some of the concerns that characterize security requirements of, and threats to, business and information technology (IT) systems. We then identify a number of business drivers that illustrate these concerns, including managing risk and cost, and compliance to business policies and external regulations. We describe how security is a major consideration in the way that business and information technology systems are designed, built, operated, and managed. In the past decades, industry groups and standards bodies have developed frameworks that serve as a baseline for some aspects of security. We discuss two common frameworks: CoBiT and ISO27002. Security for information technology can be complex and confounding. Therefore, IBM has created a pair of complementary views to bridge the communication gap between the business and the technical perspectives of security to enable convergence in thought and process. The IBM Security Framework addresses the business view, and the IBM Security Blueprint addresses the technical view. The IBM Security Framework was developed to describe security in terms of the business resources that need to be protected, and looks at the different resource domains from a business point of view. It divides IT security into the following six resource domains: People and Identity; Data and Information; Application and Process; Network, Server, and Endpoint; Physical Infrastructure; Security Governance, Risk Management, and Comp | 2009-07-23 |
| 2. | | | Hackers on the Internet have evolved from fame-hungry sabotage to fraud to profitable organized data and identity theft. As this evolution continues, it is important for business leaders to consider the security of their Web applications as a vital performance indicator of the success of their business. In this IBM® Redguide™ publication, we explain how your organization can evaluate its risk for hackers entering into your systems. We also explain how your organization can implement security testing and integrate solutions to improve security and protect your information assets. In the first part of this Redguide publication, we discuss how to evaluate the risk that your organization is exposed to. We explain why your organization is the target of attacks and who is behind them. We illustrate the impact that successful attacks can have on your organization. We show the latest trends and statistics in Web application vulnerabilities and the underground trade of stolen information. We give a technical overview of the areas where your application can be attacked and discuss the two most common Web application vulnerabilities. In the next part of this Redguide publication, we introduce the software development life cycle of Web applications and illustrate how security fits into this life cycle. We provide a step-by-step approach to integrating Web application security testing into your software development life cycle. We also show how and where you can use IBM Rational® products in your software development | 2009-05-29 |
