
Figure 9 - Security Event Processing
So what is needed is technology that can be configured to take into account data flows from multiple sources and conditionally apply multiple independent tests to this data in a sequential manner to refine, aggregate, correlate and hence produce useful information.
This technology also needs to take account of external factors such as physical security information (for example, building access by personnel), as well as contextual factors such as security 'status'. Finally, this technology should be capable of suggesting and automatically taking intelligent courses of action.
Using this technology will allow organisations to manage and take control of the multiple layers of security technology in place today. It will empower management to focus on protecting the critical business processes rather than the technology employed. What is needed is better management, not more security technology.
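The staged processing described above, as an added Python example that is not part of the original paper or of any product it describes: logon events are refined, aggregated per user, correlated with building-access records, and mapped to a suggested action according to the security 'status'. The event fields, the failure threshold and the action names are assumptions made for illustration, and the sample events are constructed.

```python
from collections import Counter

# Constructed sample events from two sources: door badges and system logons.
EVENTS = [
    {"src": "badge", "user": "alice", "action": "enter", "t": 100},
    {"src": "auth", "user": "alice", "result": "ok", "local": True, "t": 160},
    {"src": "auth", "user": "bob", "result": "fail", "local": True, "t": 200},
    {"src": "auth", "user": "bob", "result": "fail", "local": True, "t": 205},
    {"src": "auth", "user": "bob", "result": "fail", "local": True, "t": 210},
    {"src": "auth", "user": "bob", "result": "ok", "local": True, "t": 215},
    {"src": "auth", "user": "carol", "result": "fail", "local": True, "t": 300},
    {"src": "auth", "user": "dave", "result": "ok", "local": True, "t": 400},
]

def inside_building(events, user, t):
    """Physical-security context: is the user's latest badge event before t an entry?"""
    inside = False
    for e in sorted(events, key=lambda e: e["t"]):
        if e["src"] == "badge" and e["user"] == user and e["t"] <= t:
            inside = e["action"] == "enter"
    return inside

def correlate(events, status="normal", fail_threshold=3):
    """Apply the tests in sequence; each runs only on what the previous one passed on."""
    findings, fails = [], Counter()
    for e in sorted(events, key=lambda e: e["t"]):
        if e["src"] != "auth":                      # test 1: refine to logon events
            continue
        if e["result"] == "fail":                   # test 2: aggregate failures per user
            fails[e["user"]] += 1
            continue
        reasons = []
        if fails[e["user"]] >= fail_threshold:      # test 3: success after many failures
            reasons.append("success after repeated failures")
        if e["local"] and not inside_building(events, e["user"], e["t"]):
            reasons.append("local logon without building entry")   # test 4: physical context
        fails[e["user"]] = 0
        if reasons:
            # Security 'status' and the number of independent indicators pick the action.
            severe = status == "elevated" or len(reasons) > 1
            findings.append({"user": e["user"], "t": e["t"], "reasons": reasons,
                             "action": "suspend account" if severe else "notify analyst"})
    return findings

if __name__ == "__main__":
    for f in correlate(EVENTS):
        print(f)
```

Eight raw events reduce to two findings here; carol's single failed logon and alice's logon after badging in produce none.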
Conclusions
The new security management model supports the business imperatives of financial discipline, assuring business continuity, managing operational risk and regulatory compliance. This model focuses on managing the existing security technologies more effectively rather than adding to or replacing them.
It covers the disciplines of identity and access management, threat management and the newly emerging security information management. It supports information security management processes like BS7799/ISO17799 and provides a complete, integrated and open solution.
Identity and access management covers the management of who can access what. It ensures that identities are quickly and accurately provisioned and de-provisioned across all the information systems. It enforces role-based access control, where what you can do is based on your function within the organisation. It ensures that all administrative and user activity is audited.
Threat management ensures business continuity by protecting the information systems infrastructure from cyber threats. It helps to identify and manage the remediation of system software vulnerabilities. It provides protection from computer viruses and other forms of malicious code. It helps to manage content received and transmitted across the organisation's network perimeter in a flexible way taking into account privacy legislation.
Security information management provides a solution to manage the plethora of security event data that now emanates from the many IT security technologies that are deployed. It provides the means to screen, filter and correlate this data to produce useful information. It delivers this information in a personalised way and provides a common interface into the many IT security management processes.
For more than 28 years, Computer Associates International, Inc. (CA) has delivered a broad range of world-class management solutions. CA's eTrust™ Security Management solutions meet the requirements of the new security management model by providing a complete, integrated and open security management package.

Computer Associates



