Standard reports that can be generated from the IBM Integrated Security Solution for Cisco Networks can be valuable to corporate auditors. These can be used as artifacts, thereby reducing the effort in checking individual users. Automated processes can also provide consistency in checking a particular policy that may be required in certain circumstances. For example, when a new vulnerability is publicized, a policy can be created and deployed quickly to direct users to update their workstations and regain compliance by downloading and installing a fix using the appropriate remediation process.

1.4 Corporate security policy defined

A corporate security policy should protect the company’s valuable assets and meet legal obligations. Intellectual property must not be shared without explicit written authorization. As we do business with customers, we are required by law to maintain the confidentiality of the information, privacy of the individual, and so on. Companies must adhere to government regulations that ensure that businesses are run legally and ethically without jeopardizing the integrity of the enterprise. This is fundamental to maintaining a trusted relationship between organizations and customers. Many businesses have outsourced their IT management to third-party companies; it is then the responsibility of those companies to maintain the data confidentiality and integrity.

Most large corporations have employee guidelines that define how to protect company assets and conduct business with customers. Each employee is solely responsible for their actions and has to perform business within the given framework or guidelines set by the company.

To maintain trust between organizations, security is everyone’s concern without any exception. Every employee must be empowered to challenge untrusted entities, such as unauthorized access to information. Hackers use all abilities and means to access protected data. Physical security alone does not protect data, as information is available in many shapes and forms. It is of utmost importance for every employee of an organization to be conscious of corporate security policies and to adhere to them without exception.

1.5 Business driver for corporate security compliance

Corporations are required to enforce compliance with their policies to maintain a secure network and allow access only to authorized users, employees, and external partners. Best practices include:

• Protect the corporate network from malicious attackers.

• Keep authorized users compliant with corporate security policy.

Building a Network Access Control Solution with IBM Tivoli and Cisco Systems
