 |
| Security process developmentSecurity policies and standards require clear, concise, well-defined security processes to make them effective. |
|
|
|
|
|
|
|
 |
Service detail Security policies and standards require clear, concise, well-defined security processes to make them effective. Highlights |  | | IBM's Security Process Development service will help you define and document the processes which enable your security objectives to be realized. The processes will be developed based on your organization's predefined information security standards or a standards-based code of practice. |
You may select the particular processes you want IBM to address or, alternatively, you may elect to have IBM first perform a comprehensive Security Process Assessment to help prioritize the areas your organization should focus on first for maximum benefit. The following are examples of security processes that can be customized for your organization as part of this offering: roles and responsibilities of security staff members, classification and protection of information media, employee awareness programs, incident reporting and response, enterprise-wide anti-virus measures, user and password management, and management self-assessment programs. In order to develop processes that meet your business objectives and can be implemented easily within your organization, IBM Security Consultants will first review and assess the security processes you have selected at one or more locations using IBM's IT Process Model and a standards-based model of "best practices". The assessment will identify both the strengths and weaknesses in the processes as they are currently implemented. Using this information, IBM will define and formally document new processes that will meet your business needs for efficiency, effectiveness and adaptability by using a formal process management methodology. Service covers: - A review of your organization's security policy, relevant standards and documentation for the selected processes
- An assessment of your current processes (within the selected scope) in terms of effectiveness, efficiency and adaptability using IBM's IT Process Model and a standards-based model of "best practices"
- Formal process definitions using IBM's business process methodology. Each process definition will include the following information: purpose, intended audience, owner, version number, approval date, revision history, revision process, process flow diagram, supplier responsibilities, customer responsibilities, tasks and quality controls.
Price
The contract amount for IBM's Security Process Development offering typically ranges from $50,000 to $150,000. Taxes and applicable travel and living expenses are extra. |
|
|
|
|
|
|
 |
|
|
|
|
