Verifying compliance and integrity
Scenario: PS027 - Verifying compliance and integrity of systems
Main Description

Context

Rob is the Chief Security Officer of his company and needs to certify the integrity of the systems generating financial reports. Part of maintaining integrity is controlling what people have access to certain information assets, and ensuring that the implemented changes were approved and meet compliance requirements.

Description

Steps Process and Activity Roles Work products Tools Tools
Establish access policies for all information assets.
Security Management
Security Management
Plan Security Practices
Plan and Implement Security Practices
Security Manager
Security Manager
Security Plan
Security Plan

None

Implement security policies.
Security Management
Security Management
Apply Security Protection Mechanisms
Plan and Implement Security Practices
Security Specialist
Security Specialist
Security Risk Analysis
Security Risk Analysis
Administer people and their accounts.
Security Management
Security Management
Operate Security Protection Mechanisms
Operate Security Protection Mechanisms
Security Specialist
Security Specialist
Security Response
Security Response
Administer the policies and approval claims for all accounts.
Security Management
Security Management
Operate Security Protection Mechanisms
Operate Security Protection Mechanisms
Security Specialist
Security Specialist
Security Response
Security Response
Determine if access policies are enforced by comparing local privileges to policies.
Compliance Management
Compliance Management
Implement Compliance Controls
Implement Compliance Controls
Compliance Manager
Compliance Manager
Compliance Operational Capabilities
Compliance Operational Capabilities
Produce security reports to show access policies are enforced by comparing local privileges to policies.
Security Management
Security Management
Monitor, Assess, and Report Security
Monitor, Assess, and Report Security
Security Analyst
Security Analyst
Security Reports
Security Reports
Implement audit findings by eliminating any orphan accounts. This is done by matching user accounts with known identities.
Security Management
Security Management
Operate Security Protection Mechanisms
Operate Security Protection Mechanisms
Security Specialist
Security Specialist
Security Response
Security Response

Obtaining more information

To get more information, talk to a representative, purchase IBM® Service Management tools, or visit the IBM Service Management page.

©Copyright IBM Corp. 2005, 2008. All Rights Reserved.