5.2.3 Remediation requirements

Examining the operational maintenance requirements, we found that the following pain points drive the requirements:

- Desktop security requirements have become so complex that most non-technical end users cannot track the policy changes on their own.

- Increasing numbers of mobile users are outside the scope of the desktop policy enforcement realized with Active Directory®.

- Installation of hotfixes, security updates, and network supplicant software must be strictly controlled due to change management process requirements.

- Enforcement of security policy without facilitating the remediation process results in productivity loss and an increased number of help desk calls.

Finally, one of the ABBC general functional requirements is an ability to institute and enforce emergency change procedures for the company security posture policy. The associated pain point is straightforward. Consider a scenario where a potential severity-one Windows vulnerability has become public and Microsoft has issued a hotfix for this vulnerability, which is of sufficient severity that the normal change procedure documented in 2.3.2, “Security policy life cycle management” on page 30, is not practical. However, while incorporating the emergency change procedure, maintaining employee productivity must also be considered, as ABBC must continue to do business and serve its customer base. In addition, the solution has to consider the bandwidth and resource limitations of the ABBC help desk staff and system administrators. The ABBC help desk cannot sustain a deluge of help requests from scores of users who are suddenly denied access for noncompliance. Combined with the ability to institute emergency posture-policy changes, remediation requirements also include the need to be able to push a critical system update, such as a severity-one hotfix. Fortunately, all of the requirements can be met by combining posture checks with network access enforcement and an automatic remediation facility.

5.2.4 Solution functional requirements

ABBC has well-defined security policies for their servers, as well as the existing infrastructure to measure and track compliance via the IBM Tivoli Security Compliance Manager product. However, ABBC lacks a technical method to check security compliance of the users’ workstations, which are known to contain a lot of the company’s sensitive data. Thus, as we examine the requirements, along with the pain points, we find that they can be condensed into three functional requirements.

The first functional requirement is to centrally manage and track the workstation compliance status for all the users’ workstations, both stationary and mobile. This

Chapter 5. Solution design
