Security standards definition

The successful implementation of a security program relies on several factors.

IBM's Security Standards Definition offering investigates the requirements for information security, the associated priorities, and thereafter, creates custom security standards to serve as the cornerstones which direct the day to day operations of your security program.

The successful implementation of a security program relies on several factors, in addition to security technology, working together:

• a clear demonstration of management's commitment as documented in a corporate security policy,
• security architecture principles that are consistent with the organization's business and IT strategies and are the basis for making business-oriented security decisions throughout the enterprise,
• standards that promote consistent and effective implementations that adhere to corporate policy and security architecture, and
• processes that enable efficient, effective and adaptable day to day operations.

IBM Security Consultants will team with your staff to develop a detailed work plan and on a continuing basis to ensure that all work performed is designed to satisfy your organization's needs. To ensure the standards developed during this activity meet your business needs and can be realistically implemented, IBM uses its own internal security standards together with "best practices" selected from industry standards for commercial environments in the areas such as organization, personnel, physical controls, asset classification and control, network and computer management, business continuity, and compliance.

Based on information gathered from interviews with your key business and IT managers, IBM Security Consultants will use your existing security program documentation (policy, architecture, standards, guidelines, processes, etc.) as the base to customize a set of standards that will be appropriate for the business needs of your organization.

Service covers:

• A review of your organization's business strategy and related security requirements
• A review of your organization's IT strategy, current security concerns, and future security requirements
• A review and analysis of your organization's current security policy and standards against the needs of your organization's business and IT strategies
• Customized security standards documents which will serve to guide your organization in meeting its security objectives according to business needs. Each standard will contain sufficient information, according to your organization's existing format and level of detail, so that processes can be developed to meet the standards in day to day operations.

Price
The contract amount for IBM's Security Standards Definition offering typically ranges from $15,000 to $100,000. Taxes and applicable travel and living expenses are extra.