The Lazy Genius
 Internet Storm Center Infocon Status
Home
Syndicate
Syndicate this category
Main Page
 Tools
 Audrey
 IBM
Get FireFox for Secure Browsing
Recent Comments
Re: Blog Reading Level
Re: Hacking Linux onto your 360 just got a wee bit easier
REIMER's a stooge
Re: Welcome!
Re: Welcome!
Month Archive
February 2008
January 2008
My Blog Roll
.: UNEASYsilence :.
.:[ packet storm ]:.
180solutions Blog
5ives
A Day in the Life of an Information Security Investigator
ASTALAVISTA
ASTALAVISTA Security Directory
Arik's blog
Asa Dotzler - Firefox and more
Atlanta Business Chronicle
Avery J. Parker's Blog
Ben Edelman - Home
Ben's Bargains
Blingo Buzz
BlueHat Security Briefings
Boing Boing
CNN.com
CSO Homepage
Caffeinated Security
CastleCops
Cheapstingybargains.com
Computer Crime Research Center
Computer Internet Security eLamb
Cryptome
Daily Phreak - Daily Telecom, Asterisk & Phreaking Updates
Dana Epp's ramblings at the Sanctuary
Digg
Digg Blog
Digital Common Sense
Digital-Mafia
Dorian Software BLOG
Dr. Antonio Nucci
E-Bitz - SBS MVP the Official Blog of the SBS "Diva"
EFF: Breaking News
EFF: DeepLinks
EFF: miniLinks
Engadget
Everlasting Blort
F-Secure : News from the Lab
Forever Geek
GeoURL Log
George Ou | ZDNet.com
Global Security Watch
Go Fug Yourself
Gravatar - Globally Recognized Avatar
Hack In The Box
Hack a Day
I-Hacked.com
Inc.com
InfoWorld
Inside AdSense
Israel Torres on Security
Joao Barros
Kim Cameron's Identity Weblog
Lotus Geek
MAKE: Blog
Mark's Blog
Mark's Sysinternals Blog
Metasploit Blog
Microsoft Architecture Resource Center
Microsoft Secguide's WebLog
Microsoft Security Bulletins
Microsoft Windows Security
Monkeys In The News
NPR : News
National Cyber Alert System
NetIdentity Blogware - Support Center :: Main Page
Network World on Firewalls
Network World on IDP/IPS
Network World on Network Security
Network World on VPNs
Network World on Wireless
PCI and Data Security Compliance
PostSecret
RAW Data
Regulatory Compliance
ReveNews - Online Revenue News & Opinions
Rootkit.com
Rootsecure.net | Home
SANS Internet Storm Center
SANS NewsBites: Security Digest
SC Magazine
Sage Project News
Schneier on Security
Scobleizer - Microsoft Geek Blogger
Search Engine Watch Blog
SecuriTeam Blogs
Security Awareness for Ma, Pa and the Corporate Clueless
Security Fix
Security Visualization Portal
Security to the Core | Arbor Networks Security Blog
SecurityDocs
SecurityDump: Directory of Security Tools
SecurityFocus
Slashdot
SlickDeals.net
So sue me
Steve Lamb's Blog
Steve Riley on Security
Sunbelt BLOG
TaoSecurity
TechNet Blogs
TechRepublic
TechRepublic Downloads
Technorati Weblog
Telecom, Security and P2P
The Cloud Appreciation Society
The Dilbert Blog
The Edge of I-Hacked
The Metasploit Project
Urban Legends Reference Pages: What's New
User Friendly the Comic Strip
Viruslist.com - Analyst's Diary
Vitalsecurity.org
Welcome to nosec
Wi-Fi Networking News
WiFi Thoughts
Windows Incident Response
Windows Live Safety Center
Woot : The Blog
meeblog
one2one, Dell’s Weblog
terminal23
trifinite.blog
xkcd
Login
User name:
Password:
Remember me 

Main Page  »  IBM
Tuesday, February 26
View Article  Best practices for IT security management
by Xavier Ashe on Tue 26 Feb 2008 12:11 PM EST

The nuts and bolts of an information risk management (IRM) framework are best put in place long before you install the technology. But it's never too late to mitigate business risk by working out the mechanics of functions, requirements and controls. Discover and report on the right priorities, and you can construct a framework for making well-informed decisions.

Read Five steps to building information risk management frameworks and Developing Controls for People, Processes and Technology by Forrester analyst Khalid Kark who details how to build a sound IRM solution in your organization, including:

Defining domains for your IRM framework
Three questions to ask when assessing the criticality of IRM requirements
Overcoming two significant challenges in defining security metrics programs
Converging physical and logical security through process collaboration

Kark is a principal analyst at Forrester Research. His research focuses on information risk management strategy, governance, best practices, measurement and reporting.

This expert advice is part of a continuing series on IBM best practices for IT security management. IBM security services and solutions such as Tivoli®, Internet Security Systems™, and Rational® enable customers to better manage their infrastructure, operations and IT processes.
Leave Comment  |  Permanent Link  |  Cosmos
Tuesday, February 19
View Article  PCI compliance drives identity management spending, says IBM's GRC chief
by Xavier Ashe on Tue 19 Feb 2008 03:58 PM EST
Great interview with Kristin Lovejoy, the director of IBM Governance and Risk Management Strategy over at Information Security Magazine.

When Consul was acquired, how difficult was the technology integration?
Kristin Lovejoy: There was a good bit of integration work that had to occur. Most of it was around assuring that the product offering met the scalability requirements that had to be defined by IBM. IBM's acquisition of the technology undergoes a blue-washing process. The blue washing process assures that the technology sold to IBM customers are not packaged with any kind of code that is not documented—no open source components. Also the database infrastructure had to be reworked and released for DB2.

You've been viewed as a leader in driving the implementation of auditing as a required step in identity and access management. Talk about the importance of auditing.
Lovejoy: Of course it was Sarbanes Oxley where the concept was initiated. Section 404 required organizations to not only look at their business controls but also their IT controls. It points to a requirement that organizations adopt a control framework within the finance, accounting organization, making sure there's no conflict of interest. Sarbanes Oxley made people say trust is ok but now I have to verify. We saw a lot of companies want to be able to monitor privileged users such as database administrators and developers. They wanted to ensure that those that were working in the preproduction environment were only working in the preproduction environment.

In addition to Sarbanes Oxley, there have been over time lots of requirements like PCI DSS and HIPPA that requires you to do audit logging. These requirements, which always said you need to maintain the logs, are now beginning to indicate that it's not simply collecting logs, but you also have to be able to review the activity in logs and identify areas potentially anomalous activity.



Read More.
Leave Comment  |  Permanent Link  |  Cosmos
View Article  New IBM Redbook - Deployment Guide Series: IBM Tivoli Compliance Insight Manager
by Xavier Ashe on Tue 19 Feb 2008 11:03 AM EST
In order to comply with government and industry regulations, such as Sarbanes-Oxley, Gramm-Leach-Bliley, and COBIT, enterprises have to constantly detect, validate, and report unauthorized change and out-of-compliance actions on their IT infrastructure.

The Tivoli Compliance Insight Manager v8.0 solution allows organizations to improve the security of their information systems by capturing comprehensive log data, correlating this data through sophisticated log interpretation and normalization, and communicating results through a dashboard and a full set of audit and compliance reporting.

We discuss the business context of security audit and compliance software for organizations, and we show a typical deployment within a business scenario.

This is the second IBM Redbook covering IBM Tivoli Compliance Insight Manager - the first book being the Compliance Management Design Guide with IBM Tivoli Compliance Insight Manager, SG24-7530.

This IBM Redbooks publication is a valuable resource for security officers, administrators, and architects who wish to understand and deploy a centralized security audit and compliance solution.

Download the Deployment Guide Series: IBM Tivoli Compliance Insight Manager
Publish Date:   February 15, 2008     ISBN Number:   0738485705
Leave Comment  |  Permanent Link  |  Cosmos
Tuesday, February 5
View Article  TSOM and TCIM Integration! (TSIEM)
by Xavier Ashe on Tue 05 Feb 2008 12:01 PM EST

Chief Security Officers (CSOs) and Chief Information Security Officers (CISOs) today are focused on prioritizing security initiatives to support their business goals, and on managing technical risk and governance.  Their organizations are challenged to both minimize security-based business disruptions and ensure and demonstrate compliance with privacy regulatory requirements, with a limited set of resources.   Security information and event management (SIEM) technology can provide a solution to these challenges, and provide greater leverage of people and greater visibility of their existing security infrastructure.

IBM offers two SIEM complementary capabilities for the security information and events:

  • A real-time, network event-oriented management dashboard that facilitates attack recognition and incident management
  • An information analysis dashboard to assess how well an organization adheres to its security and governance policies

IBM Tivoli Security Information and Event Manager V1.0 (TSIEM) is comprised of two products:  IBM Tivoli Security Operations Manager V4.1 (TSOM) and IBM Tivoli Compliance Insight Manager V8.5 (TCIM). These products, working together, help you realize the full promise of enterprise SIEM. By centralizing log collection and event correlation across your enterprise, you can leverage an advanced compliance dashboard to link security events and user behavior to your corporate policies.

Tivoli Security Information and Event Manager delivers a comprehensive foundation to help address your SIEM requirements.  As a result, IT organizations can reduce their exposure to security breaches; collect, analyze, and report on compliance events; and manage the complexity of heterogeneous technologies and infrastructures.  TSIEM provides support for numerous applications, operating systems, security products, and network infrastructures, as well as desktop and mainframe systems.

Using TCIM and TSOM together provides the benefits of both products, through their complementary user-centric and network-centric perspectives.  Integration between TSOM and TCIM can provide additional unique capabilities:

  • Identify important audit and administrative events from the network/security infrastructure for privileged user monitoring and compliance reporting.   This leverages the broad network and security product support of TSOM and its correlation capabilities to provide added value auditable events for use in the TCIM privileged user monitoring and audit and compliance reports.
  • Identify network-centric policy violations with TSOM, and forward these high level correlated events to TCIM for consolidated compliance dashboard and reporting and views.  

The integration described in this document provides the foundation to accomplish these two general use cases.  It describes the specific of configuring TSOM to send events to TCIM.

Dowload the Tivoli Security Information and Event Manager: Tivoli Security Operations Manager and Tivoli Compliance Insight Manager Integration Guide

Leave Comment  |  Permanent Link  |  Cosmos
Tuesday, January 29
View Article  Tivoli Security Information and Event Manager
by Xavier Ashe on Tue 29 Jan 2008 11:22 AM EST
This product offering is the next evolution of what I've been doing at IBM.  Finally, a public announcement!!

IBM Tivoli Security Information and Event Manager V1.0 helps IT security organizations obtain valuable security insights that your organization can act on, by:

    * Facilitating compliance by using centralized dashboard and reporting capabilities.
    * Helping to protect intellectual property and privacy by auditing the behavior of all users — privileged and nonprivileged.
    * Managing security operations effectively and efficiently with centralized security event correlation, prioritization, investigation, and response.

IBM Tivoli Security Information and Event Manager V1.0 offers:

    * Integration and exchange of events between IBM Tivoli Security Operations Manager and IBM Tivoli Compliance Insight Manager correlation engines.
    * New endpoint pricing for both security incident and audit log collection.

Security information and event management (SIEM) is a primary concern of CIOs and CSOs in many enterprises and organizations. There is a need to centralize security-relevant events and analyze the consolidated data to obtain valuable security and compliance insights.

IBM offers two complementary perspectives on SIEM:

    * A real-time, network event-oriented management dashboard that facilitates attack recognition and security incident management.
    * An information analysis dashboard to monitor how well an organization adheres to its security and governance policies.

IBM Tivoli® Security Information and Event Manager V1.0 is comprised of two products that work closely together to help realize the full promise of enterprise SIEM: IBM Tivoli Security Operations Manager V4.1 and IBM Tivoli Compliance Insight Manager V8.5. Now you can centralize log collection and event correlation across the enterprise, and can leverage an advanced compliance dashboard and regulatory compliant reports to link security events and user behavior to corporate policies.

Tivoli Security Information and Event Manager V1.0 delivers a foundation from which to address your SIEM requirements — now and into the future. As a result, IT organizations can lower their exposure to security breaches; control the costs of collecting, analyzing, and reporting on compliance related events; and manage the complexity of heterogeneous technologies and infrastructures. IBM Tivoli Security Information and Event Manager offers end-to-end capabilities including:

    * Security compliance dashboard.
    * Security operations dashboard for security incident management.
    * Real-time log aggregation, correlation, and analysis of security incidents.
    * IT operations integration.
          o Recognize, investigate, and respond to security incidents automatically.
          o Streamline incident tracking, handling, and resolution.
    * Mainframe, operating system, application, and database audit analysis.
    * Privileged user monitoring and auditing (PUMA).
    * Log management reporting.

Leave Comment  |  Permanent Link  |  Cosmos
Search
Google Search
Translators
Partner Sites
Chat with me
Random Links
Xavier's Monkey
Geekin'
Paris Hilton's Sex Tape
Another Princess Passes
Validate my RSS feed
GeoURL - Find My Neighbors
Office of the National Counterintelligence Executive
Giganews Free 5-day Trial
National ZIP Code Browser and Lookup
The Hitchhiker's Guide to the Galaxy
Coupon-Codes.Net
Doom9.net
mobile17 - Free Ringtone Converter
Georgia Tech Information Security Center
CyberCrime Summit 2006
Images here, images there, images everywhere
Ports Database
FrozenTech's LiveCD List
Tools -- TechnicalInfo.net
Airfarewatchdog.com
Linux Magazine's Tip of the Day
Falling Sand Game
Motivator: Inspire! Motivate! Mock!
Oh My Proxy! - Free Anonymous Browsing and Web Proxy
White Hat Links
All Net Tools - Tool Box - Network
BiDiBLAH
Browser Security Test
CERT Coordination Center
Cellular/Mobile Phone Forensics
Center for Internet Security
CipherTrust - Zombie Statistics
DNS Report
DNS Stuff
FAQ: Firewall Forensics (What am I seeing?)
Foundstone Free Tools
How to Report Internet-Related Crime
Internet Crime Prevention and Control Institute
Key Recovery Utilities and Resources
Micromuse: NETCOOL/NEUSECURE
Network Chemistry - Packetyzer and BlueScanner
Network Situational Awareness (NetSA)
Open Web Application Security Project (OWASP)
Qualys Free Network Security Scanner : Free Security Scan
SANS Institute
Security-Freak.net !
SpamBayes: Windows platform
Sys-Security Group
The Spamhaus Project - DROP
WLSec - Wireless LAN Security Framework
Wikto Web Assessment Tool
trifinite.org - Bluetooth Security
Black Hat Links
AccessDiver
AntiOnline
Astalavista Security Group
BLACKLISTED411.COM
Big bertha says: default passwords
Crackspider.net!
Default Password List
Edge-Security
Firewalk
IE Exploits
InfoHacking
John the Ripper password cracker
MegaSecurity.org
Mezcal :: HTTP request brute force tool
Nomad Mobile Research Centre (NMRC)
Nomad Mobile Research Centre (NMRC)
Password Recovery Software
SnadBoy Software
Spectorsoft - Netbus Keylogger
TheBUGS.ws
Tutorials - Rexploit
WT: Odysseus
Whoppix and WHAX demos
hping security tool
j0hnny's Google Hacks Database
oxid.it
Friends
Avenir - The Writer's Workshop
Dagmar d'Surreal
Day in the life of a DJ named ...
DougMcClure.net
Ex Nihilo Nihil Fit
Flickr: Photos from joethepeacock
Icarus Rising
Keith Landers
Keith Landers
Royal Classic Jams
Sean's Idea Kitchen
Short sighted gluttony
Spontaneous Sociability and The Enthymeme
TankByte
The Security Samurai
Trekking Through The Uncanny Valley
Wain Kellum
Washburn's World
pictures from a robot
Alexa Traffic Counter
Feed Map
Technocrati Chart
Posts that contain "Lazy Genius" per day for the last 60 days.
Technorati Chart
Get your own chart!