Security Framework

With so many aspects to consider for IT security, this framework is a very useful approach to analyze how well an organization is addressing overall IT security.  This framework breaks security into people, data, applications, and infrastructure.

PEOPLE- The focus on people looks at controlling and monitoring what information people can and do access.  User provisioning is one of the big considerations.  Does a user have appropriate access to the systems he or she need, and only the system he or she need?  In smaller organizations this is often handled without automation.  Requests come often through a service desk ticket by management or HR for a person in a particular role to be granted access to a specific set of applications.  The challenge with this method is human error.  With movement in an organization, it is easy to end up with a user who has access to systems to which he or she should not be authorized because changing their access was overlooked.  A more thorough method of managing this and more cost effective method in larger organizations is to use an identity and access management system.  This is a centralized engine that manages the user’s privileges rather than administrators changing access application by application.  SIEM (Security Information and Event Management) tools provide another key aspect of people security, because they can detect targeted attacks in early stages and minimize any damage by monitoring user activity and data access. Read more

Discovering the TAC 202 Information Security Standard White Paper

The following is a snippet from the white paper titled Discovering the TAC 202 Information Security Standard. Please click the link below to access the full white paper now!

“The TAC 202 is a freely available security standards framework that can be adapted and applied in many different types of organizations looking for guidance for securing their environment. There are essentially two different variants of the standard. The first is focused on Texas state agencies while the second covers guidance for Texas State Universities. For these two targets, the standard is a requirement. However, it can be applied to a diverse set of environment with a little adaptation. While the TAC 202 would not be considered the definitive security standard for securing your environment unless required, it can represent a great foundation toward building or enhancing your security program.

The Texas Administrative Code Title 1, Part 10, Chapter 202 (TAC 202 for short) is administered by the Texas Department of Information Resources and can be found free of charge through the Texas Secretary of State’s website. As you look through the link standard, you will find the TAC 202 covers the basic terms, definitions, and two groups of subsections focused on either a Texas state agency or a Texas Institution of Higher Education.”

You can also find more information about working with The PathMaker Group to streamline your adoption or implementation of the TAC 202 information security standard by clicking the following link.

Identity and Access Management Best Practices Webinar

How Levi leveraged Identity Management infrastructure to enable “just in time” fully automated privileged system access

Presented by:

  • Chuck Lankford, Global Director of Security at Levi Strauss & Co.
  • Chris Fields, Vice President of Security Strategy, PathMaker Group
  • Ravi Srinivasan, Director of IBM Security, Strategy, and Product Management

In our 50 minute webinar you will:

  • Learn about the latest market trends in Identity and Access Management
  • See why the IBM IAM Suite is one of the hottest sellers in the last six months
  • See what’s new with the IBM IAM Suite including upcoming features and capabilities
  • Hear what customers are buying and why
  • Learn the five most common benefits from a robust IAM infrastructure
  • Learn about best practices for implementing provisioning, access management, federation
  • Hear customer use cases and their key business drivers for IAM

Chuck_Lankford

About the key presenter, Chuck Lankford:

Chuck is the Director of Global Information Security for Levi Strauss & Co. and has responsibility for protecting LS&Co. from threats to the confidentiality, integrity and availability of LS&CO systems, information and infrastructure. Chuck has been with LS&Co. more than 10 years has served in global IT leadership roles for 17 years. Prior to joining LS&Co. Chuck was Director of Global Networking for network products manufacturer 3Com (Santa Clara, CA) where he architected and managed 3Com’s global voice, data and video networks. Chuck holds numerous certifications including Certified Information Security Systems Professional (CISSP), Certified Ethical Hacker, Certified Information Systems Auditor (CISA) and Certified Information Systems Risk Consultant (CISRC).test

Chris_Fields

About Chris Fields:

Chris has held his CISSP certification since 2003 and is the Identity Management Architect & Visionary responsible for setting the strategic direction and architecture approach for all of our IBM identity and access management projects. He is also responsible for managing partner relationships with identity management vendors. Chris’ love of technology makes everything about his job enjoyable. Mentoring and expanding the technical skill sets of his employees is the most enjoyable aspect of his daily activities. Equally enjoyable is the time spent helping clients to understand the industry and discuss viable options for them to begin and mature their identity and access management infrastructures.

Ravi_SrinivasanAbout Ravi Srinivasan:

Ravi manages the IBM identity, access and mainframe security portfolio strategy and product management based in Austin, Texas. He has over 15 years of experience in product management, market strategy, and development in software and services industries. Ravi meets and consults with senior management, lines of business owners and IT operations management around the world on their key security, risk, and compliance initiatives. He’s also a frequent speaker at trade, analyst conferences and customer events to share a worldwide customer perspective and insights on secure mobile, cloud and social business transformations. Ravi mentors several security services practitioners and product managers to develop practical solution approach to changing security, risk and compliance needs.

7th Stage (Security) of IS growth, Part II

A little background:

Now that you’ve been in the CIO’s position for your first quarter, it is time to prepare for your first review with the board of directors.  The agenda for the IS presentation will cover key factors that you discovered in your operations, your accomplishments and your plans for the next year.  Since this is the quarter for your next year’s budget, it should contain the funding needed to accomplish the IS plan.

One of the key factors in the review of your operations was discovering the lack of security focus and non-compliance issues that made the operations vulnerable to unwanted intrusion in your network.  Listed in your accomplishments is the Security Assessment study and recommendations provided by PathMaker Group when you engaged them for a study of your IS environment.  One of their recommendations was to deploy IBM’s Security products for managing Identify and Application Access in your enterprise network.  This is an important undertaking as your company will replace the outdated security monitoring with IBM’s Showcase Solution to keep unwanted intruders out while making it easier for the authorized users to have easy access to their applications.  As a result of PathMaker Group’s findings and recommendations, you asked them to submit a proposal for the corrective solution using IBM Security Products and PMG Professional Services to deploy them in your IS Network.

This section of your review was very well received by the board of directors and they gave you the approval to get started.

Read more