Security Management Fundamentals
The industry has approached the development of security management products in a “bottom-up” direction, providing key components of the security management functionality wherever this has been technically feasible. Vendors have focused on supporting management approaches with a significant following. For example, ITIL, COBIT, and ISO 27000 have provided focal points around which management products have clustered. Organizations should evaluate components that will deliver a significant return on investment (ROI) in their environments while providing a platform for the development of a more comprehensive security management environment.
Products in the security management category can deliver business benefits in the following areas:
In the field of patch management, management products have to integrate with the patch delivery services of several application and platform vendors. These vendor patches may adversely impact larger organizations with more customized IT deployments if the patch conflicts with a customization that the organization has applied to the application. Organizations therefore try to apply patches in a periodic rollout strategy and test each group of updates before they are deployed. The security management tools then have to be integrated with the organization’s testing tools and processes.
Each of the regulations that impact businesses require organizations to deploy multiple security “controls” over their systems and processes. Every organization is subject to many laws and regulations. Fortunately, the same controls feature in multiple laws and regulatory regimes. Some security management tools help users rationalize these activities and avoid duplicating reports or controls.
Generally, the benefits of security management increase with the size of the organization. The need to use automated tools to collate, rationalize, and assimilate information from diverse sources increases with the size of the operation
Products in the security management category can deliver business benefits in the following areas:
- They can provide the evidence to satisfy audit and compliance requirements, which in some business situations are mandatory obligations. In other situations, the information may be useful to reassure business partners and customers about the security of their intellectual property.
- They can improve the effectiveness of the organization’s security efforts.
- They can enable better security alignment of resources to the risks the organization faces, and therefore a better return on investment.
- These benefits depend on the organization using the information that the tools provide. The task of converting the information provided by the tools into actions is not trivial. Management tools in general tend towards generating too much information and obscuring the key messages under a mountain of less important data. Therefore, tools should be judged by the extent to which they filter information and allow tailoring of alerts to business priorities. When interfacing with risk management activities, the main difficulty is in determining reliable quantitative information about risks. Business benefits depend on the relevance of the information obtained and the use that is made of it.
In the field of patch management, management products have to integrate with the patch delivery services of several application and platform vendors. These vendor patches may adversely impact larger organizations with more customized IT deployments if the patch conflicts with a customization that the organization has applied to the application. Organizations therefore try to apply patches in a periodic rollout strategy and test each group of updates before they are deployed. The security management tools then have to be integrated with the organization’s testing tools and processes.
Each of the regulations that impact businesses require organizations to deploy multiple security “controls” over their systems and processes. Every organization is subject to many laws and regulations. Fortunately, the same controls feature in multiple laws and regulatory regimes. Some security management tools help users rationalize these activities and avoid duplicating reports or controls.
Generally, the benefits of security management increase with the size of the organization. The need to use automated tools to collate, rationalize, and assimilate information from diverse sources increases with the size of the operation
SUMMARY
Impact
Ovum view
Key messages
Definition
BUSINESS IMPACT
Putting security into a business context
Integrating security management with compliance management
Converging security management with systems management
Converging information security and physical security management
Converging security management and application development
SELECTION CRITERIA
Security management is a process that requires support
How to group security management functionality
Managing past, present, and future aspects
RATIONALIZING PRODUCTS AND SUPPLIERS
Overview
Functionality
Risk management
Configuration and patch management
Security information and event management
Logging and reporting
Architecture
SOLUTION MATURITY
Security management has taken a central role within IT security suites
Security management deployment is low risk
DEPLOYMENT AND MANAGEMENT CONSIDERATIONS
Regulated industries have the most need for security management
The business view of IT security
Systems integrators have a role in deploying security management
External security management services
RECOMMENDATIONS
Recommendations for enterprises
Recommendations for vendors
APPENDIX
Further reading
Methodology
Impact
Ovum view
Key messages
Definition
BUSINESS IMPACT
Putting security into a business context
Integrating security management with compliance management
Converging security management with systems management
Converging information security and physical security management
Converging security management and application development
SELECTION CRITERIA
Security management is a process that requires support
How to group security management functionality
Managing past, present, and future aspects
RATIONALIZING PRODUCTS AND SUPPLIERS
Overview
Functionality
Risk management
Configuration and patch management
Security information and event management
Logging and reporting
Architecture
SOLUTION MATURITY
Security management has taken a central role within IT security suites
Security management deployment is low risk
DEPLOYMENT AND MANAGEMENT CONSIDERATIONS
Regulated industries have the most need for security management
The business view of IT security
Systems integrators have a role in deploying security management
External security management services
RECOMMENDATIONS
Recommendations for enterprises
Recommendations for vendors
APPENDIX
Further reading
Methodology
LIST OF FIGURES
Figure 1: Security management interactions
Figure 1: Security management interactions
