Search results

In this IBM® Redguide™ publication, we first explore some of the concerns that characterize security requirements of, and threats to, business and information technology (IT) systems. We then identify a number of business drivers that illustrate these concerns, including managing risk and cost, and compliance to business policies and external regulations. We describe how security is a major consideration in the way that business and information technology systems are designed, built, operated, and managed. In the past decades, industry groups and standards bodies have developed frameworks that serve as a baseline for some aspects of security. We discuss two common frameworks: CoBiT and ISO27002. Security for information technology can be complex and confounding. Therefore, IBM has created a pair of complementary views to bridge the communication gap between the business and the technical perspectives of security to enable convergence in thought and process. The IBM Security Framework addresses the business view, and the IBM Security Blueprint addresses the technical view. The IBM Security Framework was developed to describe security in terms of the business resources that need to be protected, and looks at the different resource domains from a business point of view. It divides IT security into the following six resource domains: - People and Identity - Data and Information - Application and Process - Network, Server, and Endpoint - Physical Infrastructure - Security Governance, Risk Management, and Comp

IBM® WebSphere® DataPower® SOA Appliances represent an important element in the holistic approach of IBM to service-oriented architecture (SOA). IBM SOA appliances are purpose-built, easy-to-deploy network devices that simplify, secure, and accelerate your XML and Web services deployments while extending your SOA infrastructure. These appliances offer an innovative, pragmatic approach to harness the power of SOA. By using them, you can simultaneously use the value of your existing application, security, and networking infrastructure investments. This series of IBM Redbooks publications is written for architects and administrators who need to understand the implemented architecture in WebSphere DataPower appliances to successfully deploy it as a secure and efficient enterprise service bus (ESB) product. These papers give a broad understanding of the new architecture and traditional deployment scenarios. They cover details about the implementation to help you identify the circumstances under which you should deploy DataPower appliances. They also provide a sample implementation and architectural best practices for an SOA message-oriented architecture in an existing production ESB environment. Part 2 of the series, this part, provides information about ways to integrate the DataPower appliance with other products such as IBM Tivoli® Access Manager and Tivoli Directory Server. The entire IBM WebSphere DataPower SOA Appliances series includes the following papers: "IBM WebSphere DataPower SOA Appliances Part I:

As the practice of IT architecture continues to evolve, so does the specialty of IT security architecture. The general practice of IT architecture has advanced from object-oriented design toward services-oriented approaches that combine object orientation and process orientation within a Component Business Model. Increasingly, it is becoming apparent that IT security architecture is broader than the application of specialized technology. IT security includes a combination of process design and technology deployment that provides for: Modification of business processes to account for integration of business policies and risk management models A set of IT system management services needed to assure the desired level of resilience to the modified IT environment This IBM Redpaper reviews the basic concepts of security component design, following the Method for Architecting Secure Solutions (MASS). It introduces a second critical element of the unified security architecture, the security system management service view.

IBM Tivoli Access Manager for Operating Systems is a simple-to-use, powerful security system that securely locks down business-critical applications, operating platforms, and files from unauthorized access. This firewall-like capability prevents both insiders and outsiders from the unauthorized access to, and use of, vital customer, employee, and partner data. Additionally, Tivoli Access Manager for Operating Systems audits application and platform activity to ensure compliance with corporate policies and government regulation. In an increasingly wired yet insecure world, Tivoli Access Manager for Operating Systems provides the assurance that customers, employees, and partners expect, and the rigorous auditing that the government and senior management require.