Proactive Security Management - Large Enterprise Business - HP

More documents

Recommendations

Info

3–2 Proactive security management is an important and integral part of an organization's IT infrastructure management and operations. This key component of HP's security framework focuses on the management of security functions in support of business and organizational goals and processes. The objective is to make sure that the mechanisms for protection are operating appropriately during the setup, operation, and decommissioning of various IT services and assets. Proactive security management also ensures that protection is robust, scalable, and flexible enough to rapidly address changing conditions. Figure 3–1 Proactive Security Management In this chapter, we define proactive security management, review the conditions driving its need, and present HP's framework of technologies and services for proactive security management. Definition Proactive security management focuses on managing security functions in support of business and organizational goals and processes. It has four distinct attributes that comprise the bigger picture: • Managing the protection of data, applications, systems, and networks, both proactively and reactively • Supporting changes to business and organizational models and responding to a changingthreat environment • Integrating with IT infrastructure management and operations • Maintaining a level of security and operational risk as defined by the organization Managing Protection Proactively and Reactively The fundamental purpose of security products and software systems is the protection of IT assets. In this security context, protection means providing appropriate confidentiality, integrity, and availability for a set of IT assets. Therefore, proactive security management's primary responsibility is to maintain a specified level of confidentiality, integrity, and availability of data, applications, systems, networks, and other IT resources. With the frequent success of fast and sophisticated attacks, it is apparent that reactive security methods alone are not sufficient. Reactive mechanisms deal with attacks or viruses once they enter the infrastructure—when damage and costs are already adding up. Proactive security management adds
methods, technologies, and services that focus on fixing vulnerabilities before an attack can exploit them. Preventing a security breach makes it easier to maintain business functions compared to when a business is recovering from a successful attack. Prevention is accomplished through the ongoing management of threats and vulnerabilities to the IT infrastructure. Responding to Changing Business Models and Threats Once a security infrastructure is in place, it must have the ability to adapt to changes in business models and the various threats that emerge. Business model changes can come from organizational changes such as reorganizations or mergers. For example, the requirements of proactive security management during a merger might include integrating different security technologies like intrusion prevention systems, and managing employee privilege and authority changes. These transitions must happen quickly, and security management capabilities must be efficient. The threat of attack from criminals, insiders, worms, and viruses is much more unpredictable than changing business models, and the threat environment has shown an increase in the speed and complexity of attacks. The implications for proactive security management include the need for capabilities that can integrate new security technologies and tightly link them with asset, patch, and configuration management systems. Integrating With IT Management Distinct security technologies and processes are specific to IT security. These include functional security technologies such as authentication methods (for example, passwords, tokens, and biometrics), encryption methods and encryption key management systems, and firewall systems. Along with security technologies, a number of IT technologies and processes play a significant role in the total security management picture. For example, proactive security management depends on IT workflow systems, trouble ticketing systems, and patch management systems (for testing and applying security-related patches). Having a security operations center that is separate from a network operations center can lead to security decisions that are made without regard to business impact. For example, what if a security decision shut down a vulnerable server that the network operations people were using to handle overflow order traffic? Proactive security management impacts and depends on IT management. Maintaining Acceptable Security and Risk Levels Perfect security is an impossibility, and experts recommend spending only as much money as necessary to obtain the appropriate level of protection. The common question is, How much security is enough? The answer is: it depends. It depends on the result of a risk calculation that factors in the value of the protected assets, the threats against those assets, and the vulnerabilities. Security management, in one sense, becomes a tool for managing risk. Maintaining an acceptable level of risk is the highest-level business goal for proactive security management. The acceptable level of risk, however, varies for industries, organizations, and companies, and a functional proactive security management solution provides the correct levels of confidentiality, integrity, and availability to meet the acceptable level of risk. Purpose The purpose of proactive security management is to protect assets, enable business processes, and drive costs down. The factors that drive the need for proactive security management include: • Protecting against increasing threats • Enabling changing trust models • Combating increasing process complexity and related expense • Complying with changing regulations Proactive Security Management 3–3
Page 1: Chapter 3 Proactive Security Manage
Page 5 and 6: Complying With Changing Regulations
Page 7 and 8: Figure 3-2 Overview of HP Proactive
Page 9 and 10: • Security incidents that are pro
Page 11 and 12: To support the Security Incident Ma
Page 13 and 14: • Manage the SEM system from a hi
Page 15 and 16: HP's Partners and HP OpenView Curre
Page 17 and 18: list, the Federal Computer Incident
Page 19 and 20: program identifies and prioritizes
Page 21 and 22: Information Sharing and Analysis Ce

Proactive Security Management - Large Enterprise Business - HP

Create successful ePaper yourself

Delete template?

Save as template?