Proactive Security Management - Large Enterprise Business - HP
Proactive Security Management - Large Enterprise Business - HP
Proactive Security Management - Large Enterprise Business - HP
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
3–2<br />
<strong>Proactive</strong> security management is an important and integral part of an organization's IT infrastructure<br />
management and operations. This key component of <strong>HP</strong>'s security framework focuses on the<br />
management of security functions in support of business and organizational goals and processes. The<br />
objective is to make sure that the mechanisms for protection are operating appropriately during the setup,<br />
operation, and decommissioning of various IT services and assets. <strong>Proactive</strong> security management<br />
also ensures that protection is robust, scalable, and flexible enough to rapidly address changing conditions.<br />
Figure 3–1<br />
<strong>Proactive</strong> <strong>Security</strong> <strong>Management</strong><br />
In this chapter, we define proactive security management, review the conditions driving its need, and<br />
present <strong>HP</strong>'s framework of technologies and services for proactive security management.<br />
Definition<br />
<strong>Proactive</strong> security management focuses on managing security functions in support of business and<br />
organizational goals and processes. It has four distinct attributes that comprise the bigger picture:<br />
• Managing the protection of data, applications, systems, and networks, both proactively and reactively<br />
• Supporting changes to business and organizational models and responding to a changingthreat<br />
environment<br />
• Integrating with IT infrastructure management and operations<br />
• Maintaining a level of security and operational risk as defined by the organization<br />
Managing Protection <strong>Proactive</strong>ly and Reactively<br />
The fundamental purpose of security products and software systems is the protection of IT assets. In this<br />
security context, protection means providing appropriate confidentiality, integrity, and availability for a<br />
set of IT assets. Therefore, proactive security management's primary responsibility is to maintain a specified<br />
level of confidentiality, integrity, and availability of data, applications, systems, networks, and other<br />
IT resources.<br />
With the frequent success of fast and sophisticated attacks, it is apparent that reactive security<br />
methods alone are not sufficient. Reactive mechanisms deal with attacks or viruses once they enter<br />
the infrastructure—when damage and costs are already adding up. <strong>Proactive</strong> security management adds