Upload
others
View
2
Download
0
Embed Size (px)
Citation preview
Monitor specific areas of regulatory compliance with relevant reports
IBM Tivoli Compliance Insight Manager Management Modules
Highlights
Jump-start compliance reporting
with IBM Tivoli Compliance Insight
Manager add-on modules
View user activities on information
assets for compliance purposes
Collect and manage native log data,
plus compare specific policies
Generate and leverage highly
relevant reports to view your level
of compliance and respond to
auditors’ requests
Address the challenges of growing numbers
of compliance requirements
To help IT and compliance profes-
sionals overcome a variety of
compliance-related challenges, IBM
Tivoli® Compliance Insight Manager
was built from the ground up to
monitor user access to information
with a robust log collection capability,
and sophisticated interpretation and
reporting engines. To help automate
security-audit and compliance-
reporting efforts, it leverages native
log data from operating systems,
mainframes, applications, databases
and more. The software helps you
identify with precision who touched
what sensitive data so that you can
manage your data and systems in
accordance with company policies.
IBM Tivoli Compliance Insight Manager
Management Modules are extremely
helpful add-on tools that aid you as you
manage compliance activities. These
modules include:
• IBMTivoliSarbanes-Oxley(SOX)Management
Module.
• IBMTivoliInternationalStandardsOrganization
(ISO)17799ManagementModule.
• IBMTivoliGramm-Leach-BlileyAct(GLBA)
ManagementModule.
• IBMTivoliHealthInsurancePortabilityand
AccountabilityAct(HIPAA)Management
Module.
• IBMTivoliBaselIIManagementModule.
Each module takes the centralized,
normalized data from Tivoli Compliance
Insight Manager and works with it in
several ways:
• Anassetclassificationtemplateshowsthe
groupsofinformation,peopleandotherIT
assetsinyourenterprisethatareaffected—
usingthevocabularyemployedbytheregula-
tionorbestpractice.
http://www.ibm.com/ushttp://www.ibm.com/tivoli
�
• Apolicytemplatemeasureseventdataagainsta
customizable,predefinedpolicythatdetermines
whoshouldbeallowedtoaccesssensitivedata
andwhateachgroupofpeopleshouldbeable
todowiththeinformation.
• Areportcenterdrawsontheassetclassifica-
tionandpolicytemplatestoprovidedozens
ofrelevantcompliancereportsgearedtothe
requirementsorbestpractice,andtheIT
controlsyourorganizationhasinplace.
From a single resource center, you can
access all of the management modules
you deploy and access relevant docu-
mentation, such as the ISO 17799
standard, Federal Financial Institutions
Examination Council (FFIEC) Handbook
for GLBA and guidelines about using
Tivoli Compliance Insight Manager
Management Modules to facilitate
compliance efforts.
Tivoli Compliance Insight Manager
PEOPLE TECHNOLOGY MANAGE LOGS MONITOR, AUDIT AND REPORT Compliance ISO 17799 Basel II HIPAA GLBA SOX
Tivo
lim
anag
emen
tm
odul
es
Collect and store
Investigate and retrieve
Log continuity report
User activity monitoring Compliance dashboard
Privileged-user monitoring and auditing
Custom
Best practices
Compliance ISO 17799 Basel II HIPAA GLBA SOX
Applications
Databases
Operating systems
Mainframe
Security devices
Network devices
Privilegedusers
Outsourcers
Trusted users
Consultants
W7 methodology • Who • did What • When • Where • Where from • Where to
• on What
Policy
Tiv
oli
man
agem
ent
mod
ules
By giving you specific views of compli-
ance data from throughout your
enterprise, Tivoli Compliance Insight
Manager Management Modules help
streamline management and facilitate
efforts to respond to audit requests.
Enable auditing and alerting
Identifying the correct types of logging
and alerting — and actually turning
on the appropriate audit settings —
represents a significant challenge in
heterogeneous environments. Tivoli
Compliance Insight Manager aids in
this process, across the enterprise —
turning on monitoring so that crucial
events are not missed.
By leveraging the IBM expertise
gained from deployments in complex
environments around the world,
you can monitor the crucial events
throughout your enterprise that are
most relevant to the requirements and
best practices you look to comply with.
Implement and customize policy templates
The policy templates included with
Tivoli Compliance Insight Manager are
based on customer and industry best
practices — including the ISO 17799
standard — to give you a “quick start”
on compliance efforts.
Additionally, Tivoli Compliance Insight
Manager Management Modules offer
tailored policy templates. They help
you implement security policy, compare
actual user behavior with that policy and
prepare for stringent security audits.
�
Receive alerts and generate
compliance reports
Robust alerting and reporting capa-
bilities are built into Tivoli Compliance
Insight Manager, and Tivoli Compliance
Insight Manager Management Modules
add numerous best-practice reports
for the requirements you face. From
an easy-to-understand, color-coded
compliance dashboard, you can quickly
view your status with respect to compli-
ance and drill down to specific events.
Security managers can view alerts
generated by the software, browse
the reports, customize reports for addi-
tional requirements and print them out
as needed.
Tivoli Compliance Insight Manager also
offers you the ability to create your own
compliance management reports and
respond with great precision to audi-
tors’ requests. An advanced report
definition wizard helps you quickly
home in on the relevant specifics. You
can also automate report distribution to
streamline verification processes and
other business workflows.
Archive all events
One of the most frequently over-
looked areas relates to the need to
archive native log files in accordance
with compliance requirements. Tivoli
Compliance Insight Manager automates
consolidation and archiving of log files
from diverse platforms and devices. As
a result, you can use Tivoli Compliance
Insight Manager Management Modules
on the archived data to report on
events over time and allow for after-
the-fact investigation.
Each Tivoli Compliance Insight Manager Management Module comes with a regulatory- or standard-specific classification template, a policy template and a report center.
Conduct investigations
When compliance breaches occur,
Tivoli Compliance Insight Manager
Management Modules help you track
policy violations. You can also use
the normalized, archived log data to
perform forensic investigations. Rather
than sort through personnel files and
log data manually, you can rapidly
access audit files and understand
specific user behavior. With Tivoli
Compliance Insight Manager–archived
log data and the ability to analyze the
normalized information, forensic investi-
gations become easier.
For more information
Tivoli Compliance Insight Manager and
Tivoli Compliance Insight Manager
Management Modules offer highly
targeted solutions to address the
compliance requirements of stringent
regulations and best practices.
To learn more about how Tivoli
Compliance Insight Manager
Management Modules can help your
organization enforce and demonstrate
the effectiveness of your compliance
efforts, contact your IBM representative
or IBM Business Partner, or visit
ibm.com/tivoli
About Tivoli software from IBM
Tivoli software provides a set of
offerings and capabilities in support
of IBM Service Management, a scal-
able, modular approach used to deliver
more efficient and effective services
to your business. Helping meet the
needs of any size business, Tivoli soft-
ware enables you to deliver service
excellence in support of your business
objectives through integration and
automation of processes, workflows
and tasks. The security-rich, open
standards–based Tivoli service manage-
ment platform is complemented by
proactive operational management
solutions that provide end-to-end
visibility and control. It is also backed
by world-class IBM Services, IBM
Support and an active ecosystem of
IBM Business Partners. Tivoli customers
and business partners can also leverage
each other’s best practices by partici-
pating in independently run IBM Tivoli
User Groups around the world —
visit www.tivoli-ug.org
Tivoli Compliance Insight Manager Management Modules at a glance
The management modules are optional components that can be installed on any existing Tivoli Compliance Insight Manager server.
TID10408-USEN-00
© Copyright IBM Corporation 2007
IBM Corporation Software Group Route 100 Somers, NY 10589 U.S.A.
Produced in the United States of America 6-07 All Rights Reserved
IBM, the IBM logo and Tivoli are trademarks of International Business Machines Corporation in the United States, other countries or both.
Other company, product and service names may be trademarks or service marks of others.
Disclaimer: The customer is responsible for ensuring compliance with legal requirements. It is the customer’s sole responsibility to obtain advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulatory requirements that may affect the customer’s business and any actions the reader may have to take to comply with such laws. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the customer is in compliance with any law or regulation.
http://www.ibm.com/tivolihttp://www.tivoli-ug.orghttp://www.ibm.com/tivolihttp://www.ibm.com/us
BookmarksAddress the challenges of growing numberEnable auditing and alertingImplement and customize policy templatesReceive alerts and generate compliance Archive all eventsConduct investigationsFor more informationAbout Tivoli software from IBM