NetIQ | An Attachmate Business

Operate

Operate: Daily monitoring and administration to meet policies, including detecting and responding to service problems, security breaches, and unauthorized or potentially damaging changes.

Operations is characterized by monitoring, but also includes the practice of security incident management. Security operations – when implemented most effectively – is usually integrated into an organization’s existing processes and procedures for IT operations. As detailed below, the activities for this stage are directly supported by NetIQ Security Manager, a rules-based security incident and event management solution.

The Operate Stage is characterized by three (3) primary activities:

  1. Efficiently Review Security Logs & Events: Many IT security-related regulations (e.g., HIPAA Security Rule) and standards (e.g., COBIT) require system or security activity reviews. NetIQ Security Manager consolidates security and other logs from critical servers and devices, such as Windows, UNIX, Linux, and iSeries servers as well as network devices, antivirus applications, and more, and presents them for review. It then enables summary reporting, online analysis (via OLAP), and robust query capabilities over the data warehouse of log files that it creates and maintains. As a result, customers can reduce the time spent reviewing log files from hours to minutes, and meet or exceed many regulatory requirements.
  2. Detect Threats, Changes & Policy Violations: Threats vary from automatons and disgruntled employees to external hackers and criminals. They can arise suddenly and are often impossible to predict. Changes and policy violations, however, can significantly compromise the security of systems, exposing them to risk or directly causing performance problems. NetIQ Security Manager provides automated detection of security events and incidents, such as potential intrusions, system changes, and policy violations.
  3. Manage Security Incidents: As threats vary, so do incidents. Security incidents include attacks, policy violations such as unauthorized access to resources, and changes to security and control mechanisms. The nature of the incident dictates the procedures for, speed of, and personnel involved in the response. NetIQ Security Manager supports rapid incident response and tracks security alerts through resolution. With this technology, incident response teams have log information at their fingertips. NetIQ Security Manager also tracks security events and alerts through response steps, such as acknowledgement, first-level assignment and so forth. Deviations from agreed-upon response times are also tracked.
