IT Security Policy Management Usage Patterns Using IBM Tivoli Security Policy Manager

An IBM Redbooks publication

Published 26 October 2011

cover image

ISBN-10: 0738436143
ISBN-13: 9780738436142
IBM Form #: SG24-7880-00
(314 pages)

More options

Rate and comment

Authors: Axel Buecker, Scott Andrews, Craig Forster, Nicholas Harlow, Ming Lu, Sridhar Muppidi, Trevor Norvill, Philip Nye, Günter Waller, Eric T. White


In a growing number of organizations, policies are the key mechanism by which the capabilities and requirements of services are expressed and made available to other entities. The goals established and driven by the business need to be consistently implemented, managed and enforced by the service-oriented infrastructure; expressing these goals as policy and effectively managing this policy is fundamental to the success of any IT and application transformation.

First, a flexible policy management framework must be in place to achieve alignment with business goals and consistent security implementation. Second, common re-usable security services are foundational building blocks for SOA environments, providing the ability to secure data and applications. Consistent IT Security Services that can be used by different components of an SOA run time are required. Point solutions are not scalable, and cannot capture and express enterprise-wide policy to ensure consistency and compliance.

In this IBM® Redbooks® publication, we discuss an IBM Security policy management solution, which is composed of both policy management and enforcement using IT security services. We discuss how this standards-based unified policy management and enforcement solution can address authentication, identity propagation, and authorization requirements, and thereby help organizations demonstrate compliance, secure their services, and minimize the risk of data loss.

This book is a valuable resource for security officers, consultants, and architects who want to understand and implement a centralized security policy management and entitlement solution.

Table of contents

Part 1. Business context
Chapter 1. Business drivers and foundation for IT security policy management
Chapter 2. Architecture patterns for externalizing security from applications and services
Part 2. Implementing a policy life cycle management solution
Chapter 3. Tivoli Security Policy Manager overview and architecture
Chapter 4. Integration with external systems
Part 3. Usage patterns for IT security policy management
Chapter 5. Intermediary level integration
Chapter 6. Container level integration
Chapter 7. Database level integration
Chapter 8. Application level integration
Chapter 9. Deployment considerations

Follow IBM Redbooks

Follow IBM Redbooks