Proactive Security Management - Large Enterprise Business - HP

methods, technologies, and services that focus on fixing vulnerabilities before an attack can exploit them.
Preventing a security breach makes it easier to maintain business functions compared to when a business
is recovering from a successful attack. Prevention is accomplished through the ongoing management
of threats and vulnerabilities to the IT infrastructure.
Responding to Changing Business Models and Threats
Once a security infrastructure is in place, it must have the ability to adapt to changes in business models
and the various threats that emerge. Business model changes can come from organizational changes such
as reorganizations or mergers. For example, the requirements of proactive security management during
a merger might include integrating different security technologies like intrusion prevention systems, and
managing employee privilege and authority changes. These transitions must happen quickly, and security
management capabilities must be efficient.
The threat of attack from criminals, insiders, worms, and viruses is much more unpredictable than changing
business models, and the threat environment has shown an increase in the speed and complexity of attacks.
The implications for proactive security management include the need for capabilities that can integrate new
security technologies and tightly link them with asset, patch, and configuration management systems.
Integrating With IT Management
Distinct security technologies and processes are specific to IT security. These include functional security
technologies such as authentication methods (for example, passwords, tokens, and biometrics), encryption
methods and encryption key management systems, and firewall systems. Along with security technologies,
a number of IT technologies and processes play a significant role in the total security management picture.
For example, proactive security management depends on IT workflow systems, trouble ticketing systems,
and patch management systems (for testing and applying security-related patches). Having a security
operations center that is separate from a network operations center can lead to security decisions that are
made without regard to business impact. For example, what if a security decision shut down a vulnerable
server that the network operations people were using to handle overflow order traffic? Proactive
security management impacts and depends on IT management.
Maintaining Acceptable Security and Risk Levels
Perfect security is an impossibility, and experts recommend spending only as much money as necessary to
obtain the appropriate level of protection. The common question is, How much security is enough?
The answer is: it depends. It depends on the result of a risk calculation that factors in the value of the
protected assets, the threats against those assets, and the vulnerabilities. Security management, in one
sense, becomes a tool for managing risk. Maintaining an acceptable level of risk is the highest-level
business goal for proactive security management. The acceptable level of risk, however, varies for
industries, organizations, and companies, and a functional proactive security management solution provides
the correct levels of confidentiality, integrity, and availability to meet the acceptable level of risk.
Purpose
The purpose of proactive security management is to protect assets, enable business processes, and drive
costs down. The factors that drive the need for proactive security management include:
• Protecting against increasing threats
• Enabling changing trust models
• Combating increasing process complexity and related expense
• Complying with changing regulations
Proactive Security
Management
3–3