Introducing the IBM Security Framework and IBM Security Blueprint to Realize Business-Driven Security

Security is a major consideration in the way that business and information technology systems are designed, built, operated, and managed. The need to be able to integrate security into discussions with business functions and operations exists more than ever.

In this IBM® Redpaper™ publication, we explore concerns that characterize security requirements of, and threats to, business and information technology (IT) systems. We identify a number of the business drivers that illustrate these concerns, including managing risk and cost, and compliance to business policies and external regulations, showing how they can be translated into frameworks to enable enterprise security.

Over the last few decades, industry groups and standards bodies have developed frameworks that serve as a baseline for certain aspects of security, and in this IBM Redguide we discuss two such frameworks:

• CoBiT
  
• ISO27002
  

To help you with your security challenges, IBM has created a bridge to address the communication gap between the business and the technical perspectives of security to enable simplification of thought and process. The IBM Security Framework can help you translate the business view, and the IBM Security Blueprint describes the technology landscape view. Together they can help bring together the experiences that we gained from working with many clients to build a comprehensive solution view.

This IBM Redpaper is intended to be a valuable resource for business leaders, security officers, and consultants who wish to understand and implement enterprise security by considering a set of core security capabilities and services.

The latest updates (Janaury 2011) include some minor typos and a change in the color representation of the IBM Security Blueprint components to deliver improved black and white prints.

• TCP/IP Tutorial and Technical Overview, GG24-3376-07
• Tuning Windows Server 2003 on IBM System x Servers, REDP-3943-01
• IBM System Storage DS3500 Introduction and Implementation Guide, SG24-7914-00

Publish Date
13 December 2010

Last Update
27 January 2011

Rating:
(based on 5 reviews)

Rate this paper

Author(s)

Axel Buecker is a Certified Consulting Software IT Specialist at the ITSO, Austin Center. He writes extensively and teaches IBM classes worldwide on areas of software security architecture and network computing technologies. He holds a degree in Computer Science from the University of Bremen, Germany. He has 23 years of experience in a variety of areas related to workstation and systems management, network computing, and e-business solutions. Before joining the ITSO in March 2000, Axel worked for IBM in Germany as a Senior IT Specialist in Software Security Architecture.

• Axel Buecker

Martin Borrett is a certified Senior Managing Consultant at IBM in the UK. He manages security solutions in large and complex IT infrastructure outsourcing engagements for customers throughout Europe, the Middle East, and Africa. He has more than 10 years of experience in the security and compliance field, specializing in the areas of security management, IT risk assessment, governance, and operational risk management. Carsten has performed consulting engagements with IBM customers in various industries, ranging from fortune 500 to SMBs. Carsten is a CISSP, CISM, and CISA, and he holds a bachelor's degree in European Studies from University of Wolverhamption, UK, and a diploma in Business Science from University of Trier, Germany.

• Martin Borrett

Carsten Lorenz is a Technology Project Manager in the IBM Security Strategy Team. His current focus is on applying IT security technologies to the IBM Smarter Planet initiative and on research projects for the IBM Institute for Advanced Security. He is a member of the IBM risk management community and has a special interest in risk management methods applied to IT environments. Previously, he worked on privacy management, public key infrastructure, and network security projects in IBM.

• Carsten Lorenz

Calvin Powers is the Lead Security Architect for IBM across Northern Europe. He advises at the most senior level clients on the business, technical, and architectural issues associated with security. Martin is a co-author of the IBM Redbooks publication Understanding SOA Security, SG24-7310. He is Chairman of the IBM Europe Customer Security Forum and Vice Chairman of the IBM UK Technical Consulting Group. He is a member of the IBM Academy of Technology, a Fellow of the BCS, and a Chartered Engineer (CEng) and member of the IET.

• Calvin Powers

IBM Form Number
REDP-4528-01

Number of pages

96