Tool Mentor: ITPM - Operate Security Protection Mechanisms
TM065 - How to Use IBM Tivoli Privacy Manager to Operate Security Protection Mechanisms
Tool: IBM Tivoli Privacy Manager
Relationships
Main Description

Context

Tool mentors explain how a tool can perform tasks, which are part of ITUP processes and activities. The tasks are listed as Related Elements in the Relationships section.

You can see the details of how processes and activities are supported by this tool mentor, by clicking the links next to the icons:

Details

Tivoli® Privacy Manager defines a central access control policy (called a privacy policy) that is used to make access decisions. Each piece of data protected by Privacy Manager may be associated with a different policy. The association of data to policy is made at data submission time.

The Tivoli Privacy Manager server uses information supplied by application monitors to perform access control decisions about whether a user can access specific data. Application monitors are the integration components of Tivoli Privacy Manager that allow a privacy policy to be enforced and audited to in an application.

The Tivoli Privacy Manager policy is more sophisticated than most other access control policies as it is governing accesses to instances of data. Privacy Manager uses the following information to make its access control decisions:

  • Identity that is accessing the information.
  • Identity of "data subject" (i.e., who's data is being accessed).
  • Names of the application information that was accessed. e.g pager number
  • Purpose for accessing the required the personal information. For example, "marketing".
  • Other context (user opt-in/opt-out, age, date etc.)

When an access attempt occurs, the monitor gathers the above information. It sends this information to the Tivoli Privacy Manager server. The server then locates the submission record corresponding to the information that was accessed and the governing privacy policy statement. Using the governing statement , the Tivoli Privacy Manager server makes a conformance check to determine if the access conformed to the governing privacy policy.

Tivoli Privacy Manager can enforce access to information in real-time. If enforcement mode is selected then information accesses are blocked until the Tivoli Privacy Manager server determines if the access requests conform to the rules of the governing policy. If audit mode is set the accesses are allowed.

Further information on Tivoli Privacy Manager's access control can be found in the Planning and User's Guide found at http://publib.boulder.ibm.com/tividd/td/PrivacyManagerfore-business1.2.html

For More Information

For more information about this tool, click on the link for this tool at the top of this page.