Microsoft PowerPoint - [MNC]IBM Security_\300\316\274\342\272

보안 우리가 방심하면고객은 변심한다- 글로벌 기업의 보안관리2012.5IBM KoreaGlobal Technology ServicesNo part of it may be circulated, quoted, or reproducedfor distribution without prior approval from IBM© Copyright IBM Corporation 2012

The new security landscapeIBM SECURITYemergence of mobile, cloud, BYOIT, and Web 2.0Embracing New Technologies,Adopting New Business ModelsExploding and InterconnectedDigital UniverseEmployees,customers,contractors,outsourcers30 billion RFID tags(products,passports,buildings,animals)1 billionworkers will beremote ormobileBring YourOwn ITSocial BusinessMobility1 trillion connectedobjects (cars,appliances,cameras) 1B Mobile Internetusers 30% growth of 3GdevicesCloud / Virtualization33% of all new business softwarespending will be Software as a Service2 page

Increasing Threats & ChallengesIBM SECURITY기업의 정보보안 요건은 확대되고 있으나, 낮은 관심도와 제한적 투자, 전문성의 부족 등으로 인해 많은 기업들이 보안 리스크에 노출되어 있으며 적절한 대응 체계를 갖추지 못하고 있습니다“The Year of the Security Breach” – IBM’s X-Force® R&D3 page

글로벌 보안 관련 법/규제 현황IBM SECURITY글로벌 전역에서 정보보호 관련 다양한 법/규제를 시행하고 있습니다Privacy Information Protection Act (2011)4 page

IBM의 실천IBM SECURITYIBM은 내부적으로 10개 과제를 실천하고 있습니다5. Take a Hygienic Approach toManaging Infrastructure6. Control Network Access4. Secure Services, By Design7. Address New Complexity ofCloud and Virtualization3. Secure the Workplace ofthe Future (Endpoint)8. Assure Supply Chain SecurityCompliance2. Manage Incidents9. Protect Structured &Unstructured Data1. Build a Risk Aware Culture &Management System10. Manage the Identity Lifecycle5 page

보안거버넌스정립및마스터플랜기술적취약점점검1. Build a Risk Aware Culture & Management SystemIBM SECURITYAS-IS 진단및GAP 분석로드맵수립(예)6 page

2. Manage IncidentsIBM SECURITYCustomer Sites/ SO AccountsSaaSMobile Device Security ServicesApplication Security On DemandVulnerability Management ServicesSecurity Event and Log ManagementEmail/Web Filtering ServicesX-ForceThreatAnalysisServiceCollect Meta data(logs, events)InternetMonitoringAlerting ReportingIBM SecurityOperations CenterSOCAtlanta - DetroitBackBoneCustomer IT-Security Manager• Real time systems health checking• Track threats, reduce risksSOCBrusselsSOCIndiaSOCBrisbaneSOCJapanCustomer CIO/VP executivereporting• Policy reporting• Audit reporting• Compliance dashboard 13 billion managed security events a day 9 SOCs globally Guaranteed 100% SLA’s offered Follow the sun services; 24x7x3657 page

3. Secure the Workplace of the Future (Endpoint)IBM SECURITYWiFiMobileappsDevelop anddeliver safeapplicationsInternetWebsitesSecure theendpointdeviceTelecomProviderBluetoothConnectionMobileDeviceCorporateGatewayCorporateIntranetDefend the network andprotect corporate systems8 page

개요기간고객의견5. Take a Hygienic Approach to Managing InfrastructureIBM SECURITY10 page

대상장비작업창 접속리스트사용자로그인사용자관리장비관리정책관리실시간모니터링 로그관리통계 자관리서버시스템6. Control Network AccessIBM SECURITY(인터넷) 사용자11 page시스템 접근통제및감사

7. Address New Complexity of Cloud and VirtualizationIBM SECURITYIdentityFederationWeb ApplicationScanningVirtualizationSecurityNetworkSecurityImage & PatchManagementDatabaseMonitoringIBM Security Intelligence12 page

8. Assure Supply Chain Security ComplianceIBM SECURITY발주사:고객 정보 및 DM 컨텐츠 제공DM 아웃소싱:DM 컨텐츠 제작, 프린팅, 배송, 반송 관리고객 DB본사마케터지점영업개인 자료(고객정보)• 고객명• 주소• 사용내역컨텐츠 제작 (청구서)- 고객명- 주소- 사용내역개인정보보호법이슈본사마케터+Campaign Message 1전송(웹 하드, email, USB 등)MSG 1 MSG 2지점영업Campaign Message 2개인정보보호법이슈상담직원communication고객13 page

9. Protect Structured & Unstructured DataIBM SECURITYMiddle ware 단의log 파일과backup DATA암호화Log FilesPassword filesConfiguration filesIIS Apache WebLogicDB tablespacefile & raw device암호화Raw partitionsData filesTransactionlogsExportsBackupERP CRM Payments CMS LegacyDB2 Oracle SQL Sybase Legacy다양한 backupdata에 대한암호화 보관 관리File sharesArchiveContentrepositoriesMulti-mediaFileServersFTPServersEmailServersDAS SAN NAS VMOther14 page

10. Manage the Identity LifecycleIBM SECURITY15 page

글로벌 기업 사례IBM SECURITYVodafone, India – Application Security andVulnerability AssessmentWal-Mart, working with IBM consultants,performs secure code reviews of preproductioncode. These reviews identifyvulnerabilities in the code and providerecommended steps for remediation.Hilton to Achieve PCI Compliancy with ACost-Effective Security Solution from IBMFidelity Information Systems Partners withIBM to Tackle a Complex GovernmentInitiativeExxonMobil to Improve Security Protectionwith a Cloud Security Solution from IBM16 page

IBM’s SecurityIBM SECURITYIBM Portfolio includes a wide array of security offerings across all IT domainsSecurity governance, risk andcomplianceSecurity Information and eventmanagement (SIEM) and logmanagementIBM Security FrameworkIdentity and accessmanagementIdentity managementAccess managementSecurity governance, riskmanagement and compliancePeople and identityData securityData loss preventionData entitlementmanagementData and informationEncryption and keylifecycle managementMessaging securityApplication and processE-mail SecurityDatabase monitoringand protectionData maskingNetwork, servers and endpointsPhysical infrastructureCommon policy, event handling and reportingApplication securityApplication vulnerabilityscanningWeb applicationfirewallProfessionalservicesManagedservicesHardware andsoftwareWeb and URL filteringAccess and entitlementmanagementSOA 1 securityProfessional servicesManaged servicesInfrastructuresecurityThreatanalysisVulnerabilityassessmentSecurity eventmanagementVirtual systemsecurityManagedmobility svcs.Endpoint protectionIntrusion preventionsystemProductsCloud deliveredFirewall, IDS/IPS 2MFS 3 managementMainframe security audit,administration and complianceSecurity configurationand patch management1Service oriented architecture (SOA), 2 Intrusiondetection system and intrusion prevention system(IDS/IPS, 3 Managed firewall service (MFS)Physical security17 page

DNA to secure a Smarter PlanetIBM SECURITYSecurityIntelligence,Analytics & GRCPeopleDataApplicationsInfrastructure18 page

19 pageIBM SECURITY

IBM SECURITYEnd of Document20 page