Tool Mentor: TCIM - Audit and Report Compliance
TM054 - How to Audit Compliance Using IBM Tivoli Compliance InSight Manager
Tool: IBM Tivoli Compliance InSight Manager
Relationships
Main Description

Context

Tool mentors explain how a tool can perform tasks that are part of ITUP processes and activities. The tasks are listed as Related Elements in the Relationships section.

Details

Tivoli® Compliance Insight Manager (TCIM) lets customers monitor their organization's IT assets and procedures for compliance with a policy (a regulation, a best practice, or a customer-defined policy). Specifically, TCIM excels at user monitoring and the monitoring of privileged users.

TCIM collects security audit events from sources around the enterprise and stores them for future processing in its store, called the Depot. The collection of audit logs is automated and runs on a schedule. The logs are compressed before transmission, and transmission occurs over an encrypted link. TCIM also provides a Log Management dashboard and two key reports: Log Collect History and Log Continuity.

The log management process is:

  • Reliable (automated, scheduled)
  • Secure (transmitted across the network on an encrypted link)
  • Verifiable (through reporting)

Log Continuity Report

Once audit trails are collected and securely stored in the Insight Depot, they are available for analysis and reporting.

Reporting is a scheduled activity and creates reports in the normalized W7 format. This format can be used for presentation to auditors, or for further investigation if needed.

The events are processed for reporting by first normalizing the events to a common model, known as W7 (WHO, WHEN, WHAT, WHERE, onWHAT, WHEREFROM and WHERETO).

TCIM’s policy engine measures the normalized events against the best practice policy that is in place and highlights the events that do not meet this acceptable use policy. These are the events that need further investigation, either using the built-in reporting facility or by retrieving the original log data for forensic analysis using external tools.
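The normalize-then-measure flow described above, as an added illustration that is not TCIM code and does not use any TCIM API. The two log formats, the field mappings, the policy rules and all names (`normalize`, `policy_exceptions`, `audit`) are constructed assumptions.

```python
import re
from collections import namedtuple
from datetime import datetime

W7 = namedtuple("W7", "who when what where on_what where_from where_to")

# Constructed sample lines in two hypothetical source formats (not TCIM formats).
SUDO_LINE = "2024-03-02T23:14:05 db01 sudo: alice : TTY=pts/0 ; USER=root ; COMMAND=/bin/cat /etc/shadow"
KV_LINE = "time=2024-03-02T10:02:11 host=fs01 user=bob action=read object=/share/q1.xlsx src=10.0.0.7"
SUDO_RE = re.compile(r"(\S+) (\S+) sudo: (\S+) : .*USER=\S+ ; COMMAND=(\S+) ?(.*)")

def normalize(line):
    """Map one raw line onto W7; return None when no mapper understands it."""
    try:
        m = SUDO_RE.match(line)
        if m:  # local command: WHEREFROM and WHERETO are both the host itself
            ts, host, user, cmd, args = m.groups()
            return W7(user, datetime.fromisoformat(ts), "execute:" + cmd,
                      host, args or cmd, host, host)
        f = dict(pair.split("=", 1) for pair in line.split())
        return W7(f["user"], datetime.fromisoformat(f["time"]), f["action"],
                  f["host"], f["object"], f["src"], f["host"])
    except (ValueError, KeyError):
        return None

# Hypothetical acceptable-use policy, expressed over W7 fields only.
SENSITIVE = {"/etc/shadow", "/etc/sudoers"}
APPROVED = {"secadmin"}

def policy_exceptions(ev):
    """Return the names of the policy rules this normalized event violates."""
    hits = []
    if ev.on_what in SENSITIVE and ev.who not in APPROVED:
        hits.append("sensitive-object-access")
    if ev.what.startswith("execute:") and not 8 <= ev.when.hour < 18:
        hits.append("privileged-action-outside-hours")
    return hits

def audit(lines):
    """Return (events needing investigation, raw lines that failed to normalize)."""
    flagged, unparsed = [], []
    for line in lines:
        ev = normalize(line)
        if ev is None:
            unparsed.append(line)  # keep the raw line; never drop it silently
        elif policy_exceptions(ev):
            flagged.append((ev.who, policy_exceptions(ev)))
    return flagged, unparsed
```

Because the rules read only W7 fields, the same policy applies to every source once a mapper exists for it, and lines that no mapper understands are returned separately so that gaps in coverage stay visible.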

TCIM comes with many built-in reports that use the normalized event data to allow the user to easily perform:

  • Privileged User Monitoring and Audit (PUMA)
  • Reporting against best practices
  • Custom reporting against a custom policy
  • Compliance Reporting through optional compliance management modules

One key report is the compliance dashboard, which shows, at a glance, the overall security compliance posture of the organization.

Compliance dashboard showing the overall security compliance posture of the organization

The compliance management modules currently available are:

  • ISO17799
  • Sarbanes-Oxley
  • GLBA
  • HIPAA
  • Basel II

Using the custom reporting tool in TCIM, you can quickly develop new modules that are either specific to the customer's usage, or in support of new regulations or standards.

For more information

For more information about this tool, click IBM® Tivoli Compliance InSight Manager at the top of this page.