Security in Development: The IBM Secure Engineering Framework

Security in Development: The IBM Secure Engineering Framework

Author: Warren Grunbok

Publisher: IBM Redbooks

Published: 2018-12-17

Total Pages: 32

ISBN-13: 0738457175

DOWNLOAD EBOOK

IBM® has long been recognized as a leading provider of hardware, software, and services that are of the highest quality, reliability, function, and integrity. IBM products and services are used around the world by people and organizations with mission-critical demands for high performance, high stress tolerance, high availability, and high security. As a testament to this long-standing attention at IBM, demonstration of this attention to security can be traced back to the Integrity Statement for IBM mainframe software, which was originally published in 1973: IBM's long-term commitment to System Integrity is unique in the industry, and forms the basis of MVS (now IBM z/OS) industry leadership in system security. IBM MVS (now IBM z/OS) is designed to help you protect your system, data, transactions, and applications from accidental or malicious modification. This is one of the many reasons IBM 360 (now IBM Z) remains the industry's premier data server for mission-critical workloads. This commitment continues to apply to IBM's mainframe systems and is reiterated at the Server RACF General User's Guide web page. The IT market transformed in 40-plus years, and so have product development and information security practices. The IBM commitment to continuously improving product security remains a constant differentiator for the company. In this IBM RedguideTM publication, we describe secure engineering practices for software products. We offer a description of an end-to-end approach to product development and delivery, with security considered. IBM is producing this IBM Redguide publication in the hope that interested parties (clients, other IT companies, academics, and others) can find these practices to be a useful example of the type of security practices that are increasingly a must-have for developing products and applications that run in the world's digital infrastructure. We also hope this publication can enrich our continued collaboration with others in the industry, standards bodies, government, and elsewhere, as we seek to learn and continuously refine our approach.


Using the IBM Security Framework and IBM Security Blueprint to Realize Business-Driven Security

Using the IBM Security Framework and IBM Security Blueprint to Realize Business-Driven Security

Author: Axel Buecker

Publisher: IBM Redbooks

Published: 2014-02-06

Total Pages: 240

ISBN-13: 0738437891

DOWNLOAD EBOOK

Security is a major consideration in the way that business and information technology systems are designed, built, operated, and managed. The need to be able to integrate security into those systems and the discussions with business functions and operations exists more than ever. This IBM® Redbooks® publication explores concerns that characterize security requirements of, and threats to, business and information technology (IT) systems. This book identifies many business drivers that illustrate these concerns, including managing risk and cost, and compliance to business policies and external regulations. This book shows how these drivers can be translated into capabilities and security needs that can be represented in frameworks, such as the IBM Security Blueprint, to better enable enterprise security. To help organizations with their security challenges, IBM created a bridge to address the communication gap between the business and technical perspectives of security to enable simplification of thought and process. The IBM Security Framework can help you translate the business view, and the IBM Security Blueprint describes the technology landscape view. Together, they can help bring together the experiences that we gained from working with many clients to build a comprehensive view of security capabilities and needs. This book is intended to be a valuable resource for business leaders, security officers, and consultants who want to understand and implement enterprise security by considering a set of core security capabilities and services.


The Journey Continues: From Data Lake to Data-Driven Organization

The Journey Continues: From Data Lake to Data-Driven Organization

Author: Mandy Chessell

Publisher: IBM Redbooks

Published: 2018-02-19

Total Pages: 30

ISBN-13: 0738456667

DOWNLOAD EBOOK

This IBM RedguideTM publication looks back on the key decisions that made the data lake successful and looks forward to the future. It proposes that the metadata management and governance approaches developed for the data lake can be adopted more broadly to increase the value that an organization gets from its data. Delivering this broader vision, however, requires a new generation of data catalogs and governance tools built on open standards that are adopted by a multi-vendor ecosystem of data platforms and tools. Work is already underway to define and deliver this capability, and there are multiple ways to engage. This guide covers the reasons why this new capability is critical for modern businesses and how you can get value from it.


IBM Security Solutions Architecture for Network, Server and Endpoint

IBM Security Solutions Architecture for Network, Server and Endpoint

Author: Axel Buecker

Publisher: IBM Redbooks

Published: 2011-02-17

Total Pages: 510

ISBN-13: 0738435430

DOWNLOAD EBOOK

Threats come from a variety of sources. Insider threats, as well as malicious hackers, are not only difficult to detect and prevent, but many times the authors of these threats are using resources without anybody being aware that those threats are there. Threats would not be harmful if there were no vulnerabilities that could be exploited. With IT environments becoming more complex every day, the challenges to keep an eye on all potential weaknesses are skyrocketing. Smart methods to detect threats and vulnerabilities, as well as highly efficient approaches to analysis, mitigation, and remediation, become necessary to counter a growing number of attacks against networks, servers, and endpoints in every organization. In this IBM® Redbooks® publication, we examine the aspects of the holistic Threat and Vulnerability Management component in the Network, Server and Endpoint domain of the IBM Security Framework. We explain the comprehensive solution approach, identify business drivers and issues, and derive corresponding functional and technical requirements, which enables us to choose and create matching security solutions. We discuss IBM Security Solutions for Network, Server and Endpoint to effectively counter threats and attacks using a range of protection technologies and service offerings. Using two customer scenarios, we apply the solution design approach and show how to address the customer requirements by identifying the corresponding IBM service and software products.


Network Intrusion Prevention Design Guide: Using IBM Security Network IPS

Network Intrusion Prevention Design Guide: Using IBM Security Network IPS

Author: Axel Buecker

Publisher: IBM Redbooks

Published: 2011-12-16

Total Pages: 278

ISBN-13: 0738436216

DOWNLOAD EBOOK

Every organization today needs to manage the risk of exposing business-critical data, improve business continuity, and minimize the cost of managing IT security. Most all IT assets of an organization share a common network infrastructure. Therefore, the first line of defense is to establish proper network security. This security is a prerequisite for a logical set of technical countermeasures to protect from many different attack vectors that use the network to infiltrate the backbone of an organization. The IBM® Security Network Intrusion Prevention System (IPS) stops network-based threats before they can impact the business operations of an organization. Preemptive protection, which is protection that works ahead of a threat, is available by means of a combination of line-speed performance, security intelligence, and a modular protection engine that enables security convergence. By consolidating network security demands for data security and protection for web applications, the IBM Security Network IPS serves as the security platform that can reduce the costs and complexity of deploying and managing point solutions. This IBM Redbooks® publication provides IT architects and security specialists a better understanding of the challenging topic of blocking network threats. This book highlights security convergence of IBM Virtual Patch® technology, data security, and Web Application Protection. In addition, this book explores the technical foundation of the IBM Security Network IPS. It explains how to set up, configure, and maintain proper network perimeter protection within a real-world business scenario.


Reduce Risk and Improve Security on IBM Mainframes: Volume 1 Architecture and Platform Security

Reduce Risk and Improve Security on IBM Mainframes: Volume 1 Architecture and Platform Security

Author: Axel Buecker

Publisher: IBM Redbooks

Published: 2016-03-22

Total Pages: 332

ISBN-13: 0738440108

DOWNLOAD EBOOK

This IBM® Redbooks® publication documents the strength and value of the IBM security strategy with IBM System z® hardware and software. In an age of increasing security consciousness, IBM System z provides the capabilities to address the needs of today's business security challenges. This publication explores how System z hardware is designed to provide integrity, process isolation, and cryptographic capability to help address security requirements. This book highlights the features of IBM z/OS® and other operating systems, which offer various customizable security elements under the Security Server and Communication Server components. This book describes z/OS and other operating systems and additional software that leverage the building blocks of System z hardware to provide solutions to business security needs. This publication's intended audience is technical architects, planners, and managers who are interested in exploring how the security design and features of System z, the z/OS operating system, and associated software address current issues, such as data encryption, authentication, authorization, network security, auditing, ease of security administration, and monitoring.


IBM Storage Virtualize, IBM Storage FlashSystem, and IBM SAN Volume Controller Security Feature Checklist

IBM Storage Virtualize, IBM Storage FlashSystem, and IBM SAN Volume Controller Security Feature Checklist

Author: Bill Scales

Publisher: IBM Redbooks

Published: 2023-07-03

Total Pages: 36

ISBN-13: 0738461245

DOWNLOAD EBOOK

IBM® Storage Virtualize based storage systems are secure storage platforms that implement various security-related features, in terms of system-level access controls and data-level security features. This document outlines the available security features and options of IBM Storage Virtualize based storage systems. It is not intended as a "how to" or best practice document. Instead, it is a checklist of features that can be reviewed by a user security team to aid in the definition of a policy to be followed when implementing IBM FlashSystem®, IBM SAN Volume Controller, and IBM Storage Virtualize for Public Cloud. IBM Storage Virtualize features the following levels of security to protect against threats and to keep the attack surface as small as possible: The first line of defense is to offer strict verification features that stop unauthorized users from using login interfaces and gaining access to the system and its configuration. The second line of defense is to offer least privilege features that restrict the environment and limit any effect if a malicious actor does access the system configuration. The third line of defense is to run in a minimal, locked down, mode to prevent damage spreading to the kernel and rest of the operating system. The fourth line of defense is to protect the data at rest that is stored on the system from theft, loss, or corruption (malicious or accidental). The topics that are discussed in this paper can be broadly split into two categories: System security: This type of security encompasses the first three lines of defense that prevent unauthorized access to the system, protect the logical configuration of the storage system, and restrict what actions users can perform. It also ensures visibility and reporting of system level events that can be used by a Security Information and Event Management (SIEM) solution, such as IBM QRadar®. Data security: This type of security encompasses the fourth line of defense. It protects the data that is stored on the system against theft, loss, or attack. These data security features include Encryption of Data At Rest (EDAR) or IBM Safeguarded Copy (SGC). This document is correct as of IBM Storage Virtualize 8.5.3.


IBM Spectrum Virtualize Considerations for PCI-DSS Compliance

IBM Spectrum Virtualize Considerations for PCI-DSS Compliance

Author: Clarence Pouthier

Publisher: IBM Redbooks

Published: 2017-10-03

Total Pages: 24

ISBN-13: 0738456365

DOWNLOAD EBOOK

The Payment Card Industry Data Security Standard (PCI-DSS) is the global information security standard for organizations that process, store, or transmit data with any of the major credit card brands. More and more organizations are looking for compliance with this standard. This IBM® RedpaperTM describes how the features and functions of IBM SpectrumTM Virtualize help organizations towards compliance of their IT infrastructure on relevant areas of the PCI-DSS standard. IBM Spectrum VirtualizeTM is the software common to all IBM Storwize® products such as IBM SAN Volume Controller (SVC), IBM Storwize V5000 family, IBM Storwize V7000, IBM FlashSystem® V9000, and IBM Spectrum Virtualize as Software. Therefore, all recommendations in this paper equally apply to these storage products.


AIX V6 Advanced Security Features Introduction and Configuration

AIX V6 Advanced Security Features Introduction and Configuration

Author: Chris Almond

Publisher: IBM Redbooks

Published: 2013-08-26

Total Pages: 418

ISBN-13: 0738489247

DOWNLOAD EBOOK

AIX Version 6.1 provides many significant new security technologies and security enhancements. The purpose of this IBM Redbooks publication is to highlight and explain the security features at the conceptual level, as well as provide practical examples of how they may be implemented. Some features are extensions of features made available in prior AIX releases, and some are new features introduced with AIX V6. Major new security enhancements will be introduced with AIX V6 in 2007: - Trusted AIX (Multilevel Security) - Role Based Access Control (RBAC) - Encrypted File System - Trusted Execution - AIX Security Expert Enhancements This IBM Redbooks publication will provide a technical introduction to these new enhancements. The topics are both broad and very complex. This book will serve as an initial effort in describing all of the enhancements together in a single volume to the security/system hardening oriented audience.


Threats, Countermeasures, and Advances in Applied Information Security

Threats, Countermeasures, and Advances in Applied Information Security

Author: Gupta, Manish

Publisher: IGI Global

Published: 2012-04-30

Total Pages: 547

ISBN-13: 1466609796

DOWNLOAD EBOOK

Organizations are increasingly relying on electronic information to conduct business, which has caused the amount of personal information to grow exponentially. Threats, Countermeasures, and Advances in Applied Information Security addresses the fact that managing information security program while effectively managing risks has never been so critical. This book contains 24 chapters on the most relevant and important issues and advances in applied information security management. The chapters are authored by leading researchers and practitioners in the field of information security from across the globe. The chapters represent emerging threats and countermeasures for effective management of information security at organizations.