IT Security Policy Management Usage Patterns Using IBM Tivoli Security Policy Manager

An IBM Redbooks publication

thumbnail 

Published on October 26, 2011

  1. .EPUB (2.6 MB)
  2. .PDF (11.1 MB)

Apple BooksGoogle Play Books
Share this page:   

ISBN-10: 0738436143
ISBN-13: 9780738436142
IBM Form #: SG24-7880-00


Authors: Axel Buecker, Scott Andrews, Craig Forster, Nicholas Harlow, Ming Lu, Sridhar Muppidi, Trevor Norvill, Philip Nye, Günter Waller and Eric T. White

    menu icon

    Abstract

    In a growing number of organizations, policies are the key mechanism by which the capabilities and requirements of services are expressed and made available to other entities. The goals established and driven by the business need to be consistently implemented, managed and enforced by the service-oriented infrastructure; expressing these goals as policy and effectively managing this policy is fundamental to the success of any IT and application transformation.

    First, a flexible policy management framework must be in place to achieve alignment with business goals and consistent security implementation. Second, common re-usable security services are foundational building blocks for SOA environments, providing the ability to secure data and applications. Consistent IT Security Services that can be used by different components of an SOA run time are required. Point solutions are not scalable, and cannot capture and express enterprise-wide policy to ensure consistency and compliance.

    In this IBM® Redbooks® publication, we discuss an IBM Security policy management solution, which is composed of both policy management and enforcement using IT security services. We discuss how this standards-based unified policy management and enforcement solution can address authentication, identity propagation, and authorization requirements, and thereby help organizations demonstrate compliance, secure their services, and minimize the risk of data loss.

    This book is a valuable resource for security officers, consultants, and architects who want to understand and implement a centralized security policy management and entitlement solution.

    Table of Contents

    Part 1. Business context

    Chapter 1. Business drivers and foundation for IT security policy management

    Chapter 2. Architecture patterns for externalizing security from applications and services

    Part 2. Implementing a policy life cycle management solution

    Chapter 3. Tivoli Security Policy Manager overview and architecture

    Chapter 4. Integration with external systems

    Part 3. Usage patterns for IT security policy management

    Chapter 5. Intermediary level integration

    Chapter 6. Container level integration

    Chapter 7. Database level integration

    Chapter 8. Application level integration

    Chapter 9. Deployment considerations

     

    Others who read this also read