© Copyright IBM Corporation 2012

No part of it may be circulated, quoted, or reproduced for distribution without prior approval from IBM

Global Technology Services

보안 우리가 방심하면고객은 변심한다-글로벌 기업의 보안관리

2012.5

IBM Korea

IBM SECURITY

2 page

The new security landscape

emergence of mobile, cloud, BYOIT, and Web 2.0

Exploding and Interconnected

Digital Universe

33% of all new business software

spending will be Software as a Service

1 billion

workers will be

remote or

mobile

1 trillion connected

objects (cars,

appliances,

cameras)

� 1B Mobile Internet users

� 30% growth of 3G devices

Embracing New Technologies,

Adopting New Business Models

Mobility

Cloud / Virtualization

Social Business

Bring Your

Own IT

Employees,

customers,

contractors,

outsourcers

30 billion RFID tags

(products,

passports,

buildings,

animals)

IBM SECURITY

3 page

Increasing Threats & Challenges

기업의정보보안요건은확대되고있으나, 낮은관심도와제한적투자, 전문성의부족등으로인해많은기업들이보안리스크에노출되어있으며적절한대응체계를갖추지못하고있습니다

“The Year of the Security Breach” – IBM’s X-Force® R&D

IBM SECURITY

4 page

글로벌 보안 관련 법/규제 현황

Privacy Information Protection Act (2011)

글로벌전역에서정보보호관련다양한법/규제를시행하고있습니다

IBM SECURITY

5 page

IBM의 실천IBM은내부적으로 10개과제를실천하고있습니다

1. Build a Risk Aware Culture &

Management System

2. Manage Incidents

3. Secure the Workplace of

the Future (Endpoint)

4. Secure Services, By Design

10. Manage the Identity Lifecycle

9. Protect Structured &

Unstructured Data

7. Address New Complexity of

Cloud and Virtualization

6. Control Network Access5. Take a Hygienic Approach to

Managing Infrastructure

8. Assure Supply Chain Security

Compliance

IBM SECURITY

6 page

1. Build a Risk Aware Culture & Management System

AS-IS 진단및 GAP 분석 기술적취약점점검

보안거버넌스정립및마스터플랜 로드맵수립 (예)

IBM SECURITY

7 page

2. Manage Incidents

Customer Sites/ SO Accounts

Customer IT-Security Manager• Real time systems health checking• Track threats, reduce risks

Customer CIO/VP executive reporting• Policy reporting• Audit reporting• Compliance dashboard

X-Force Threat Analysis Service

� 13 billion managed security events a day � 9 SOCs globally

� Guaranteed 100% SLA’s offered

� Follow the sun services; 24x7x365

�Mobile Device Security Services

�Application Security On Demand

�Vulnerability Management Services

�Security Event and Log Management

�Email/Web Filtering Services

Internet

Collect Meta data(logs, events)

MonitoringAlerting Reporting

IBM Security Operations Center

SOCAtlanta - Detroit BackBone

SOCBrussels

SOCJapan

SOCBrisbane

SOCIndia

SaaS

IBM SECURITY

8 page

3. Secure the Workplace of the Future (Endpoint)

Secure the endpoint device

Defend the network and protect corporate systems

Develop and deliver safe applications

Internet

WiFi

Bluetooth

Connection

Telecom

Provider

Mobile

Device

Web

sites

Mobile

apps

Corporate

Gateway

Corporate

Intranet

IBM SECURITY

9 page

4. Secure Services, By Design

Role/Person

필수보안테스트필수보안테스트필수보안 테스트보안계획 수립정책 소스코드 분석툴취약성분석툴취약성분석툴취약성분석툴소스코드 분석툴취약성분석툴자동화툴

보안디자인원칙구조적위험분석보안요구사항분석PM/아키텍트

데이터관리취약성점검취약성점검•보안유지•보안변경관리

MAINTAIN

데이터관리취약성점검취약성점검•위험분석•보안테스팅

TEST

데이터관리취약성점검취약성점검•취약성관리•보안테스팅

DEPLOY

보안코딩코드리뷰•보안코딩•코드리뷰

CODE

•보안디자인원칙•구조적위험분석

DESIGNREQUIREMENTS

Privacy 팀

IT 보안팀

주요보안활동

•보안요구사항개발자

보안 활동에 필요한 가이드, 베스트프랙티스, 교육 제공보안아키텍처보드교육지원

IBM SECURITY

10 page

5. Take a Hygienic Approach to Managing Infrastructure

기간

고객의견개요

IBM SECURITY

11 page

6. Control Network Access

(인터넷) 관리자사용자

접근통제 및감사시스템서버시스템

사용자관리장비관리정책관리실시간모니터링로그관리통계접속리스트대상장비 작업창사용자로그인

IBM SECURITY

12 page

7. Address New Complexity of Cloud and Virtualization

Identity

Federation

Web Application

Scanning

Virtualization

Security

Network

Security

Image & Patch

Management

Database

Monitoring

IBM Security Intelligence

IBM SECURITY

13 page

8. Assure Supply Chain Security Compliance

발주사: 고객정보및 DM 컨텐츠제공 DM 아웃소싱:

DM 컨텐츠제작, 프린팅, 배송, 반송관리

고객 DB 개인자료(고객정보)

•고객명•주소•사용내역

+Campaign Message 1

Campaign Message 2

컨텐츠제작 (청구서)-고객명-주소-사용내역

MSG 1 MSG 2

전송(웹하드, email, USB 등)

상담직원 고객communication

본사마케터

지점영업

본사마케터

지점영업

개인정보보호법이슈

개인정보보호법이슈

IBM SECURITY

14 page

9. Protect Structured & Unstructured Data

�Middle ware 단의

log 파일과

backup DATA

암호화

�Log Files

�Password files

�Configuration files

�DB tablespace

file & raw device

암호화

�Raw partitions

�Data files

�Transaction

logs

�Exports

�Backup

�다양한 backup

data에대한

암호화보관관리

�File shares

�Archive

�Content

repositories

�Multi-media

IIS Apache WebLogic

File

Servers

FTP

Servers

Email

ServersOther

DB2 Oracle SQL Sybase Legacy

ERP CRM Payments CMS Legacy

DAS SAN NAS VM

IBM SECURITY

15 page

10. Manage the Identity Lifecycle

IBM SECURITY

16 page

글로벌 기업 사례

ExxonMobil to Improve Security Protection with a Cloud Security Solution from IBM

Fidelity Information Systems Partners with IBM to Tackle a Complex Government Initiative

Hilton to Achieve PCI Compliancy with A Cost-Effective Security Solution from IBM

Wal-Mart, working with IBM consultants, performs secure code reviews of pre-production code. These reviews identify vulnerabilities in the code and provide recommended steps for remediation.

Vodafone, India – Application Security and Vulnerability Assessment

IBM SECURITY

17 page

IBM’s Security

IBM Security Framework

Security governance, risk

management and compliance

Professional services

Managed services

Hardware and software

People and identity

Data and information

Application and process

Network, servers and endpoints

Physical infrastructure

Common policy, event handling and reporting

Professional services

Managed services

Products

Cloud delivered

1Service oriented architecture (SOA), 2Intrusion detection system and intrusion prevention system (IDS/IPS, 3Managed firewall service (MFS)

Security governance, risk and compliance

Security Information and event management (SIEM) and log

management

Identity and access management

Identity management Access management

Data security

E-mail Security

Encryption and key lifecycle management

Database monitoring and protection

Data loss prevention Data entitlement management

Messaging security

Data masking

Application vulnerability scanning

Application security

Web and URL filtering Access and entitlement

management

Web application firewall

SOA1 security

Infrastructure security

Vulnerability assessment

Virtual system security

Endpoint protection

Threatanalysis

Security event management

Managed mobility svcs.

Intrusion prevention system

Firewall, IDS/IPS2

MFS3 managementMainframe security audit,

administration and compliance Security configuration and patch management

Physical security

IBM Portfolio includes a wide array of security offerings across all IT domains

IBM SECURITY

18 page

Security Intelligence,

Analytics & GRC

People

Data

Applications

Infrastructure

DNA to secure a Smarter Planet

IBM SECURITY

19 page

IBM SECURITY

20 page

End of Document