IBM Security in the Software Development Lifecycle
1. Summary
1.1 Service Description
This offering is provided by IBM Global Technology Services, Security and Privacy, for the design and implementation of security measures, professionally tailored to meet your organisation’s specific needs through each stage of the development lifecycle.
IBM offers thorough, end-to-end security services designed to identify and address the specific needs of client software development projects. Its highly knowledgeable team of registered CLAS consultants and security architects have between them many years’ experience of implementing security programmes across both the public and private sectors, as well as for organisations of many different sizes, representing a spectrum of industries. They offer in-depth, personalised consultations, with the aim of forming a good understanding of the client’s business, style of working and the focus of the specific project. The IBM team then formulates a bespoke roadmap of security activities, tailored to ideally fit with the phases of the project and suit the specific requirements of the client. The service incorporates advice and guidance on all areas of security including:
• Physical security e.g. secure perimeters
• Information security e.g. firewalls, password protection
• Personnel security e.g. access control
• Network security
• Architecture and solution designs
Specifications in which IBM has a great deal of prior experience include the design and implementation of security processes on projects that ensure compliance with recognised standards such as ISO27001. We also tailor our methods to those that fit best with the client’s modus operandi, for example endeavouring to keep system outages to a minimum in order to maintain key live environments. Dependent on our clients’ requirements and budget, we offer full management of security roadmap implementation or continued consultation support for clients’ own implementation teams.
1.2 Service Characteristics
Lot: Security in the Development Lifecycle
Applicability: Any medium-large public or private sector organisation embarking on a development project, for which they require comprehensive security protection.
Contract Duration: Flexible – to be agreed in the Call-Off Order
Contract Price: Variable based on time and materials depending on agreeing, with the Contracting Authority, the resources required for the Call-Off Order, based on the IBM SFIA rate table. The price will be subject to VAT and out of pocket expenses incurred outside the M25.
Lead time to start: 2 weeks
Related Lot(s)/Offering(s): IBM Hosted Vulnerability Management 'VMS'; IBM Host Security Event and Log Management (SELM)
1.3 Why IBM
• IBM has been a member of the CESG Listed Adviser Scheme (CLAS) since 2002 and currently employs a total of 11 CLAS consultants as well as high quality independent contractors. In addition to CLAS, our consultants hold qualifications such as CISSP, CISM, CISA, IISP, ISO27001 Lead Auditor & Implementer, CSSLP, CRISC, Certified Data Protection Practitioner, CEH and Tiger Scheme as well as IBM Certification at Experienced and Expert levels as Security Consultants and Security Architects.
• As a List X organisation IBM has a full time List-X Security Controller with access to the full Security Policy Framework. We work closely with the security authorities to implement physical and personnel security as well as information security. As a result of this our CLAS consultants are able to advise on vetting and physical security matters, undertaking a Security Assessment for Protectively Marked Assets (SAPMA) where appropriate.
• Our approach to documenting and delivering information security controls, processes and procedures consistently is in accord with ISO/IEC27002:2005. We have extended this with technical standards for implementation and configuration of security functions, based on our extensive experience of deploying solutions in high assurance environments. This approach, together
effect on recent projects including IABS for the UKBA which was accredited for live operations in February 2012. Accreditation included signing the GSI Code of Connection and interconnecting with POISE (Home Office IT system) and the UKBA Warnings Index.
• IBM has a strong catalogue of experience in designing and implementing security processes for all types of organisations. We have a constant presence in numerous large-scale public sector projects and also do a great deal of security work for private companies in the telecommunications, financial and industrial spheres. Our consultants have backgrounds in various types of project and are skilled at assessing an organisation’s business and project requirements and designing bespoke security solutions accordingly.
1.4 Contact
Contact Name: Steve Cliff
Title: IBM UK Cloud Alliances Executive
Address: PO Box 41, North Harbour, Portsmouth, Hants, PO6 3AU
Contact Email: [email protected]
Contact Phone: 07710 035877
Web: http://www-935.ibm.com/services/uk/en/it-services/security-and-privacy-services.html?lnk=mseIS-secu-uken
2. Delivery
2.1 Context
During a development project, numerous new security vulnerabilities inevitably arise: the creation or application of intellectual property in a new capacity necessitates the implementation of protective measures; involvement with other organisations may pose a risk to personal or business data security, possibly even requiring adherence to pre-specified standards such as ISO27001; and access control must be considered to protect against asset loss or mismanagement. When all hands are occupied with development work, it is often all too easy to let security considerations slip, and yet this could store up potentially serious problems for the future.
2.2 What we will deliver
With this service offering, IBM takes responsibility for identifying and assessing all the potential security threats applicable to a project and provides detailed professional guidance on the measures that may be taken to address these. IBM will work with you to fully understand the nature and complexities of your business in order to provide the most closely-applicable, thorough and watertight security solutions possible. Our highly experienced consultants have extensive knowledge of applying security measures to many different types of organisation, so they offer a clear, tested, and sharply-defined service, which delivers palpable value quickly. Some of the specific services IBM offers as part of its package are:
• Thorough analysis of the potential security issues at each stage of the development lifecycle. This can be achieved using the Capability Maturity Model Integration (CMMI) standard
• Tailored and documented strategies, covering physical, personnel, network and information security
• Continued consultations with CLAS consultants as required throughout each stage of the project
• Pen testing
• Managed Security Working Group (SWG) meetings to ensure regular communication with your organisation and keep track of new security-related issues
include a proposal of how we can support you in achieving the desired outcome by applying a number of skilled IBM delivery professionals into your delivery organisation to give you some short term delivery capacity, allowing you to free up your own team to deliver the changes required.
2.3 Commercials
This will be a Time and Materials contract; however, following the first phase of the work, there could be the opportunity to discuss the conversion of the initial quote into either a Fixed Price or Risk/Reward based contract in order to provide increased flexibility for your organisation.
Initial work will be carried out under the Strategy and Architecture category of the IBM SFIA rate table unless agreed otherwise.
Follow-on work will be under the appropriate category or categories of the IBM SFIA rate table. The scope of work will be set out in the Call-Off Order Form and agreed by both parties. Follow-on services to enable you to complete implementation of cloud services can be provided by IBM. Details should be agreed via the Call-Off Order and priced using the IBM SFIA rate card.
2.4 Key Points
Other key points to note are as follows:
• This offering is subject to availability of IBM resources.
• The Charges for this Service are on the basis that no Parent Company Guarantee is required. If one is required and agreed to by IBM then the Charges will be revised accordingly.
• The pricing and terms on individual call-off orders should be handled as commercially sensitive by the Contracting Body.
• As the work is of a sensitive and secure nature, security standards will be agreed between IBM and the Contracting Body, and IBM will ask the Contracting Body to issue a Security Aspects letter.
• The work is subject to IBM’s Terms of Business, which are attached separately to this catalogue item.