IBM Software
Rational
Government

Protecting citizen data using IBM Rational cybersecurity solutions
Help reduce security risks while providing online government services

Highlights
● Enables agencies to scan and test for common web application vulnerabilities to help reduce security risks
● Supports compliance objectives with standardized reporting for common reporting needs
● Helps reduce the risk and cost of enabling new services by identifying potential vulnerabilities in the development process

A digital, connected government helps simplify processes and makes government information more easily accessible for public sector agencies and citizens, which can result in a wealth of benefits, from improving citizen satisfaction and participation to reducing operational costs. Many agencies have initiatives in place to improve their government-to-citizen service model, but the same Internet technologies that are essential to achieving these objectives also open up areas of serious risk. In July 2009 the news cycle included stories about a series of coordinated cyber attacks that were launched against major government, news media and financial websites in South Korea and the United States. As 2010 came to a close, the world had become witness and victim to mounting cyber warfare where public and private entities were at risk. News headlines abound on cyber attacks and vulnerabilities such as the Stuxnet virus, increasing cyber warfare and the Gawker breach.

Government agency systems are at risk from individuals, organizations, nations and “hacktivist” movements looking for ways to wreak havoc either out of malice or simply to cause headaches. Internet threats continue to evolve as well, making compliance with security standards a constantly moving target. Governments need to stay on top of technologies that will enable them to enhance confidentiality, privacy and authentication, both to protect transaction data and citizen information from inappropriate disclosure or use and to ensure that citizens know and understand that they are protected. Furthermore, there has been increased concern over data security on social websites that may affect the military and information on troop movements, plans and private communications.

Many government agencies are aware of the increased need for security; however, they may have challenges executing the necessary steps to protect their infrastructure. Government IT departments, like just about all other areas of government, are facing lower budgets and constrained resources. Agencies need to find ways to maintain the stability and security of their existing systems while creating the next generation of cost-effective, smarter solutions.




IBM Rational® software provides the tools to create these new applications and manage development costs while helping to reduce security risks.

Identifying vulnerabilities to manage risk
Generally speaking, a vulnerability is anything in your computer system that may result in a weakening or breakdown of the confidentiality, integrity or accessibility of the computing system. Over time, the industry has identified thousands of vulnerabilities to computing systems. According to the IBM X-Force 2010 Mid-Year Trend and Risk Report, “Web application vulnerabilities continue to be the most prevalent type of vulnerability affecting servers today. … The number of Web application vulnerabilities continues to climb at a moderately steady rate of 3,000 to 4,000 disclosures per year.” [1]

As you create new online services, it would be ideal if all software used in your applications were developed and tested for security vulnerabilities at each phase of the software development life cycle (SDLC), but the time and costs to do so can be prohibitive. And unfortunately, hackers regularly demonstrate their ability to circumvent security controls by finding and exploiting new vulnerabilities. Having software tools in place to help analyze vulnerabilities in your services can relieve some of the pressure.

IBM Rational AppScan® software provides web application security vulnerability scanning, testing and reporting. It automates vulnerability assessments for a broad set of technologies including Asynchronous JavaScript and XML (AJAX), Adobe® Flash software, and web services. It provides customization and extensibility for the open source community, advanced remediation recommendations, and a Pyscan framework for penetration testers. Assessments are designed to make organizations aware of problems in advance and to help establish a prioritized road map to address discovered security vulnerabilities.




[Figure 1 diagram. Row labels: Applications from disparate sources; IBM Rational solutions for security and compliance; Assessed and validated applications. Application sources: Outsourced applications; Preexisting applications; Packaged applications; Applications developed in-house. Applications shown: Case management application; Citizen access portal; System identity and access management; Communications and collaboration. Solution stages: Vulnerability identification; Vulnerability remediation.]

Figure 1: Rational solutions for security can help you manage potential vulnerabilities across your application infrastructure.








Automating compliance tasks to reduce workload
To maintain the public trust and address regulatory obligations, you need the ability to demonstrate that you have taken reasonable steps to safeguard your systems. But performing these assessments consistently and cost-effectively requires significant effort. Automation can help alleviate that burden.

IBM Rational Policy Tester™ software helps organizations reduce their online risk and exposure by identifying issues that affect website compliance and usability. Inventory and privacy reports help you determine the makeup of your site and whether you are adhering to posted privacy policies. From an analysis perspective, IBM Rational website compliance solutions automate content scanning to facilitate compliance with privacy, accessibility and key industry regulations, such as the Sarbanes-Oxley Act, as well as internal web quality standards.

To ease the burden of reporting, Rational AppScan software includes more than 40 standardized regulatory compliance reports, including reports for the Federal Information Security Management Act (FISMA), the National Institute of Standards and Technology (NIST), the Payment Card Industry Data Security Standard (PCI DSS), the Health Insurance Portability and Accountability Act (HIPAA) and many others. Rational Policy Tester privacy reports can help support compliance requirements for the Safe Harbor Act, Section 208; Sarbanes-Oxley; HIPAA; the Gramm-Leach-Bliley Act (GLBA); the Children’s Online Privacy Protection Act (COPPA) and others.

Managing the life cycle to control costs
If you’re building your own applications, reducing vulnerabilities early in the life cycle may be one of the best ways to help optimize security and reduce development costs. Assessing applications during the development phase can be an ideal way to reduce vulnerabilities and to simplify the assessment and reporting process later on. IBM Rational software development tools work in conjunction with Rational AppScan and Rational Policy Tester software to help you design, develop and deliver security-rich software and systems that address the needs of your citizens.

For organizations that may not have internal web application security and compliance expertise, IBM can deliver Rational AppScan and Rational Policy Tester functionality as a full-service, turnkey, software-as-a-service (SaaS) offering that is hosted, managed and run for you by IBM Rational experts. We can explain results and findings in detail and guide you through the remediation process. SaaS is designed to provide a low-cost, fast-time-to-value alternative to licensed software.

Why IBM?
IBM is one of the only vendors in the marketplace today that can address virtually the entire spectrum of IT security and risk. IBM is trusted by thousands of organizations worldwide to reduce their risk exposure across the business—including its people, data, applications, network and endpoints, and physical infrastructure. With IBM Rational software, we can help you build security into the fabric of your infrastructure to help you better protect data and address regulatory compliance requirements for applications and websites. And with automated regulatory report generation, you can spend less time on your compliance obligations and more time on making your services smarter and your citizens more satisfied.

IBM Rational solutions can help protect government agencies from the increased security risk exposure caused by the online delivery of government services. IBM Rational software can help you build security into the fabric of your infrastructure to help better protect data and address regulatory compliance requirements for applications and websites. IBM is well positioned to help you safeguard your infrastructure because it is one of the only vendors in the marketplace today that can address virtually the entire spectrum of IT security and risk.




For more information
To learn more about IBM Rational security solutions for the government sector, contact your IBM sales representative or IBM Business Partner, or visit: ibm.com/rational/solutions/government

Additionally, financing solutions from IBM Global Financing can enable effective cash management, protection from technology obsolescence, improved total cost of ownership and return on investment. Also, our Global Asset Recovery Services help address environmental concerns with new, more energy-efficient solutions. For more information on IBM Global Financing, visit: ibm.com/financing

© Copyright IBM Corporation 2010

IBM Corporation
Software Group
Route 100
Somers, NY 10589
U.S.A.

Produced in the United States of America
December 2010
All Rights Reserved

IBM, the IBM logo, ibm.com, Rational, AppScan, and Policy Tester are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the web at “Copyright and trademark information” at ibm.com/legal/copytrade.shtml

Adobe is a registered trademark of Adobe Systems Incorporated in the United States, and/or other countries.

References in this publication to IBM products or services do not imply that IBM intends to make them available in all countries in which IBM operates.

The information contained in this documentation is provided for informational purposes only. While efforts were made to verify the completeness and accuracy of the information contained in this documentation, it is provided “as is” without warranty of any kind, express or implied. In addition, this information is based on IBM’s current product plans and strategy, which are subject to change by IBM without notice. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, this documentation or any other documentation. Nothing contained in this documentation is intended to, nor shall have the effect of, creating any warranties or representations from IBM (or its suppliers or licensors), or altering the terms and conditions of the applicable license agreement governing the use of IBM software.

IBM customers are responsible for ensuring their own compliance with legal requirements. It is the customer’s sole responsibility to obtain advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulatory requirements that may affect the customer’s business and any actions the customer may need to take to comply with such laws.

[1] IBM, IBM X-Force 2010 Mid-Year Trend and Risk Report, August 2010.

Please Recycle

RAS14070-USEN-00

A Beginners Guide to Building a RAG App Using Open Source MilvusZilliz
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 

Kürzlich hochgeladen (20)

Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source Milvus
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 

Protecting Citizen Data Using IBM Rational Cybersecurity Solutions

  • 1. IBM Software Rational: Government

Protecting citizen data using IBM Rational cybersecurity solutions

Help reduce security risks while providing online government services

Highlights
● Enables agencies to scan and test for common web application vulnerabilities to help reduce security risks
● Supports compliance objectives with standardized reporting for common reporting needs
● Helps reduce the risk and cost of enabling new services by identifying potential vulnerabilities in the development process

A digital, connected government helps simplify processes and makes access to government information more easily accessible for public sector agencies and citizens, which can result in a wealth of benefits, from improving citizen satisfaction and participation to reducing operational costs. Many agencies have initiatives in place to improve their government-to-citizen service model, but the same Internet technologies that are essential to achieving these objectives also open up areas of serious risk. In July 2009 the news cycle included stories about a series of coordinated cyber attacks that were launched against major government, news media and financial websites in South Korea and the United States.

As 2010 came to a close, the world had become witness and victim to mounting cyber warfare where public and private entities were at risk. News headlines abound on cyber attacks and vulnerabilities such as the Stuxnet virus, increasing cyber warfare and the Gawker breach. Government agency systems are at risk from individuals, organizations, nations and “hacktivist” movements looking for ways to wreak havoc either out of malice or simply to cause headaches. Internet threats continue to evolve as well, making compliance with security standards a constantly moving target. Governments need to stay on top of technologies that will enable them to enhance confidentiality, privacy and authentication, both to protect transaction data and citizen information from inappropriate disclosure or use and to ensure that citizens know and understand that they are protected. Furthermore, there has been increased concern over data security on social websites that may affect the military and information on troop movements, plans and private communications.

Many government agencies are aware of the increased need for security; however, they may have challenges executing the necessary steps to protect their infrastructure. Government IT departments, like just about all other areas of government, are facing lower budgets and constrained resources. Agencies need to find ways to maintain the stability and security of their existing systems while creating the next generation of cost-effective, smarter solutions.
  • 2. IBM Rational® software provides the tools to create these new applications and manage development costs while helping to reduce security risks.

Identifying vulnerabilities to manage risk

Generally speaking, a vulnerability is anything in your computer system that may result in a weakening or breakdown of the confidentiality, integrity or accessibility of the computing system. Over time, the industry has identified thousands of vulnerabilities to computing systems. According to the IBM X-Force 2010 Mid-Year Trend and Risk Report, “Web application vulnerabilities continue to be the most prevalent type of vulnerability affecting servers today. … The number of Web application vulnerabilities continues to climb at a moderately steady rate of 3,000 to 4,000 disclosures per year.”1

As you create new online services, it would be ideal if all software used in your applications were developed and tested for security vulnerabilities at each phase of the software development life cycle (SDLC), but the time and costs to do so can be prohibitive. And unfortunately, hackers regularly demonstrate their ability to circumvent security controls by finding and exploiting new vulnerabilities. Having software tools in place to help analyze vulnerabilities in your services can relieve some of the pressure.

IBM Rational AppScan® software provides web application security vulnerability scanning, testing and reporting. It automates vulnerability assessments for a broad set of technologies including Asynchronous JavaScript and XML (AJAX), Adobe® Flash software, and web services. It provides customization and extensibility for the open source community, advanced remediation recommendations, and a Pyscan framework for penetration testers. Assessments are designed to make organizations aware of problems in advance and to help establish a prioritized road map to address discovered security vulnerabilities.

Figure 1: Rational solutions for security can help you manage potential vulnerabilities across your application infrastructure. (Diagram labels: Applications from disparate sources: outsourced applications, preexisting applications, packaged applications, applications developed in-house; case management application; system identity and access management; communications and collaboration; citizen access portal; vulnerability identification; IBM Rational solutions for security and compliance; vulnerability remediation; assessed and validated applications.)
  • 3. Automating compliance tasks to reduce workload

To maintain the public trust and address regulatory obligations, you need the ability to demonstrate that you have taken reasonable steps to safeguard your systems. But performing these assessments consistently and cost-effectively requires significant effort. Automation can help alleviate that burden.

IBM Rational Policy Tester™ software helps organizations reduce their online risk and exposure by identifying issues that affect website compliance and usability. Inventory and privacy reports help you determine the makeup of your site and whether you are adhering to posted privacy policies. From an analysis perspective, IBM Rational website compliance solutions automate content scanning to facilitate compliance with privacy, accessibility and key industry regulations, such as the Sarbanes-Oxley Act, as well as internal web quality standards.

To ease the burden of reporting, Rational AppScan software includes more than 40 standardized regulatory compliance reports, including reports for the Federal Information Security Management Act (FISMA), the National Institute of Standards and Technology (NIST), the Payment Card Industry Data Security Standard (PCI DSS), the Health Insurance Portability and Accountability Act (HIPAA) and many others. Rational Policy Tester privacy reports can help support compliance requirements for the Safe Harbor Act, Section 208; Sarbanes-Oxley; HIPAA, the Gramm-Leach-Bliley Act (GLBA); the Children’s Online Privacy Protection Act (COPPA) and others.

Managing the life cycle to control costs

If you’re building your own applications, reducing vulnerabilities early in the life cycle may be one of the best ways to help optimize security and reduce development costs. Assessing applications during the development phase can be an ideal way to reduce vulnerabilities and to simplify the assessment and reporting process later on. IBM Rational software development tools work in conjunction with Rational AppScan and Rational Policy Tester software to help you design, develop and deliver security-rich software and systems that address the needs of your citizens.

For organizations that may not have internal web application security and compliance expertise, IBM can deliver Rational AppScan and Rational Policy Tester functionality as a full-service, turnkey, software-as-a-service (SaaS) offering that is hosted, managed and run for you by IBM Rational experts. We can explain results and findings in detail and guide you through the remediation process. SaaS is designed to provide a low-cost, fast-time-to-value alternative to licensed software.

Why IBM?

IBM is one of the only vendors in the marketplace today that can address virtually the entire spectrum of IT security and risk. IBM is trusted by thousands of organizations worldwide to reduce their risk exposure across the business—including its people, data, applications, network and endpoints, and physical infrastructure. With IBM Rational software, we can help you build security into the fabric of your infrastructure to help you better protect data and address regulatory compliance requirements for applications and websites. And with automated regulatory report generation, you can spend less time on your compliance obligations and more time on making your services smarter and your citizens more satisfied.

IBM Rational solutions can help protect government agencies from the increased security risk exposure caused by the online delivery of government services. IBM Rational software can help you build security into the fabric of your infrastructure to help better protect data and address regulatory compliance requirements for applications and websites. IBM is well positioned to help you safeguard your infrastructure because it is one of the only vendors in the marketplace today that can address virtually the entire spectrum of IT security and risk.
  • 4. For more information

To learn more about IBM Rational security solutions for the government sector, contact your IBM sales representative or IBM Business Partner, or visit: ibm.com/rational/solutions/government

Additionally, financing solutions from IBM Global Financing can enable effective cash management, protection from technology obsolescence, improved total cost of ownership and return on investment. Also, our Global Asset Recovery Services help address environmental concerns with new, more energy-efficient solutions. For more information on IBM Global Financing, visit: ibm.com/financing

© Copyright IBM Corporation 2010

IBM Corporation
Software Group
Route 100
Somers, NY 10589
U.S.A.

Produced in the United States of America
December 2010
All Rights Reserved

IBM, the IBM logo, ibm.com, Rational, AppScan, and Policy Tester are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the web at “Copyright and trademark information” at ibm.com/legal/copytrade.shtml

Adobe is a registered trademark of Adobe Systems Incorporated in the United States, and/or other countries.

References in this publication to IBM products or services do not imply that IBM intends to make them available in all countries in which IBM operates.

The information contained in this documentation is provided for informational purposes only. While efforts were made to verify the completeness and accuracy of the information contained in this documentation, it is provided “as is” without warranty of any kind, express or implied. In addition, this information is based on IBM’s current product plans and strategy, which are subject to change by IBM without notice. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, this documentation or any other documentation. Nothing contained in this documentation is intended to, nor shall have the effect of, creating any warranties or representations from IBM (or its suppliers or licensors), or altering the terms and conditions of the applicable license agreement governing the use of IBM software.

IBM customers are responsible for ensuring their own compliance with legal requirements. It is the customer’s sole responsibility to obtain advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulatory requirements that may affect the customer’s business and any actions the customer may need to take to comply with such laws.

1 IBM, IBM X-Force 2010 Mid-Year Trend and Risk Report, August 2010.

Please Recycle

RAS14070-USEN-00