This IBM Redpaper provides information on migrating from IBM Tivoli Risk Manager to IBM Tivoli Security Operations Manager 3.1. It highlights the concepts used in Risk Manager and maps them to Security Operations Manager. We also describe the steps required to migrate from an existing Risk Manager environment to a new Security Operations Manager installation. IBM Tivoli Security Operations Manager is the market leader in Security Event and Information Management (SEIM). Tivoli Security Operations Manager takes relevant logs from networking devices, security devices, servers, applications, databases, and endpoints. No matter what the size of your enterprise is, it correlates actual security threats and policy violations in near real time. Tivoli Security Operations Manager also automates the incident response once the security violation has been detected. Security Operations Manager integrates into your environment with a gateway to and from IBM Tivoli Netcool/OMNIbus and IBM Tivoli Enterprise Console.

As the practice of IT architecture continues to evolve, so does the specialty of IT security architecture. The general practice of IT architecture has advanced from object-oriented design toward services-oriented approaches that combine object orientation and process orientation within a Component Business Model. Increasingly, it is becoming apparent that IT security architecture is broader than the application of specialized technology. IT security includes a combination of process design and technology deployment that provides for: Modification of business processes to account for integration of business policies and risk management models A set of IT system management services needed to assure the desired level of resilience to the modified IT environment This IBM Redpaper reviews the basic concepts of security component design, following the Method for Architecting Secure Solutions (MASS). It introduces a second critical element of the unified security architecture, the security system management service view.