© Copyright IBM Corporation 2012
No part of it may be circulated, quoted, or reproduced for distribution without prior approval from IBM
Global Technology Services
Security: If We Let Our Guard Down, Customers Change Their Minds - Security Management at Global Enterprises
2012.5
IBM Korea
IBM SECURITY
The new security landscape
emergence of mobile, cloud, BYOIT, and Web 2.0
Exploding and Interconnected Digital Universe
• 33% of all new business software spending will be Software as a Service
• 1 billion workers will be remote or mobile
• 1 trillion connected objects (cars, appliances, cameras)
• 30 billion RFID tags (products, passports, buildings, animals)
• 1B Mobile Internet users
• 30% growth of 3G devices
Embracing New Technologies, Adopting New Business Models
• Mobility
• Cloud / Virtualization
• Social Business
• Bring Your Own IT
Employees, customers, contractors, outsourcers
Increasing Threats & Challenges
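Enterprise information security requirements are expanding, but because of low attention, limited investment, and a lack of expertise, many companies are exposed to security risks and do not have an adequate response framework in place.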
“The Year of the Security Breach” – IBM’s X-Force® R&D
Status of Global Security-Related Laws and Regulations
Privacy Information Protection Act (2011)
A variety of laws and regulations on information protection are in force around the world.
IBM's Practice
IBM carries out 10 initiatives internally.
1. Build a Risk Aware Culture & Management System
2. Manage Incidents
3. Secure the Workplace of the Future (Endpoint)
4. Secure Services, By Design
5. Take a Hygienic Approach to Managing Infrastructure
6. Control Network Access
7. Address New Complexity of Cloud and Virtualization
8. Assure Supply Chain Security Compliance
9. Protect Structured & Unstructured Data
10. Manage the Identity Lifecycle
1. Build a Risk Aware Culture & Management System
AS-IS assessment and gap analysis; technical vulnerability check
Establishing security governance and a master plan; roadmap development (example)
2. Manage Incidents
Customer Sites / SO Accounts
Customer IT-Security Manager
• Real time systems health checking
• Track threats, reduce risks
Customer CIO/VP executive reporting
• Policy reporting
• Audit reporting
• Compliance dashboard
X-Force Threat Analysis Service
• 13 billion managed security events a day
• 9 SOCs globally
• Guaranteed 100% SLAs offered
• Follow the sun services; 24x7x365
• Mobile Device Security Services
• Application Security On Demand
• Vulnerability Management Services
• Security Event and Log Management
• Email/Web Filtering Services
Internet
Collect Meta data (logs, events)
Monitoring, Alerting, Reporting
IBM Security Operations Center
SOC Atlanta - Detroit BackBone
SOC Brussels
SOC Japan
SOC Brisbane
SOC India
SaaS
3. Secure the Workplace of the Future (Endpoint)
Secure the endpoint device
Defend the network and protect corporate systems
Develop and deliver safe applications
[Diagram labels: Internet; WiFi; Bluetooth; Connection; Telecom Provider; Mobile Device; Web sites; Mobile apps; Corporate Gateway; Corporate Intranet]
4. Secure Services, By Design
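Role/Person
Mandatory security test, Mandatory security test, Mandatory security test, Security planning, Policy
Source code analysis tool, Vulnerability analysis tool, Vulnerability analysis tool, Vulnerability analysis tool, Source code analysis tool, Vulnerability analysis tool, Automation tool
Security design principles, Structural risk analysis, Security requirements analysis
PM/Architect
Data management, Vulnerability check, Vulnerability check
• Security maintenance
• Security change management
MAINTAIN
Data management, Vulnerability check, Vulnerability check
• Risk analysis
• Security testing
TEST
Data management, Vulnerability check, Vulnerability check
• Vulnerability management
• Security testing
DEPLOY
Secure coding, Code review
• Secure coding
• Code review
CODE
• Security design principles
• Structural risk analysis
DESIGN
REQUIREMENTS
Privacy team
IT security team
Key security activities
• Security requirements
Developer
Providing the guides, best practices, and training needed for security activities
Security Architecture Board
Training support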
5. Take a Hygienic Approach to Managing Infrastructure
Period
Customer feedback, Overview
6. Control Network Access
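(Internet) Administrator, User
Access control and audit system, Server system
User management, Device management, Policy management, Real-time monitoring, Log management, Statistics, Connection list, Target device, Work window, User login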
7. Address New Complexity of Cloud and Virtualization
• Identity Federation
• Web Application Scanning
• Virtualization Security
• Network Security
• Image & Patch Management
• Database Monitoring
IBM Security Intelligence
8. Assure Supply Chain Security Compliance
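Ordering company: provides customer information and DM content
DM outsourcer: DM content production, printing, delivery, returns management
Customer DB personal data (customer information)
• Customer name
• Address
• Usage history
+ Campaign Message 1
Campaign Message 2
Content production (invoice): customer name, address, usage history
MSG 1, MSG 2
Transfer (web hard drive, email, USB, etc.)
Customer service staff, Customer communication
Head office marketer
Branch sales
Personal Information Protection Act issue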
9. Protect Structured & Unstructured Data
• Encryption of middleware-tier log files and backup data
  • Log files
  • Password files
  • Configuration files
• Encryption of DB tablespace files & raw devices
  • Raw partitions
  • Data files
  • Transaction logs
  • Exports
  • Backup
• Encrypted storage and management of various backup data
  • File shares
  • Archive
  • Content repositories
  • Multi-media
IIS, Apache, WebLogic
File Servers, FTP Servers, Servers, Other
DB2, Oracle, SQL, Sybase, Legacy
ERP, CRM, Payments, CMS, Legacy
DAS, SAN, NAS, VM
10. Manage the Identity Lifecycle
Global Enterprise Case Studies
ExxonMobil to Improve Security Protection with a Cloud Security Solution from IBM
Fidelity Information Systems Partners with IBM to Tackle a Complex Government Initiative
Hilton to Achieve PCI Compliancy with A Cost-Effective Security Solution from IBM
Wal-Mart, working with IBM consultants, performs secure code reviews of pre-production code. These reviews identify vulnerabilities in the code and provide recommended steps for remediation.
Vodafone, India – Application Security and Vulnerability Assessment
IBM’s Security
IBM Security Framework
Security governance, risk management and compliance
Professional services
Managed services
Hardware and software
People and identity
Data and information
Application and process
Network, servers and endpoints
Physical infrastructure
Common policy, event handling and reporting
Professional services
Managed services
Products
Cloud delivered
¹ Service oriented architecture (SOA), ² Intrusion detection system and intrusion prevention system (IDS/IPS), ³ Managed firewall service (MFS)
Security governance, risk and compliance
Security information and event management (SIEM) and log management
Identity and access management
Identity management
Access management
Data security
E-mail security
Encryption and key lifecycle management
Database monitoring and protection
Data loss prevention
Data entitlement management
Messaging security
Data masking
Application vulnerability scanning
Application security
Web and URL filtering
Access and entitlement management
Web application firewall
SOA¹ security
Infrastructure security
Vulnerability assessment
Virtual system security
Endpoint protection
Threat analysis
Security event management
Managed mobility svcs.
Intrusion prevention system
Firewall, IDS/IPS²
MFS³ management
Mainframe security audit, administration and compliance
Security configuration and patch management
Physical security
IBM Portfolio includes a wide array of security offerings across all IT domains
Security Intelligence, Analytics & GRC
People
Data
Applications
Infrastructure
DNA to secure a Smarter Planet