
Harold F. Tipton and Micki Krause

"Information Security Management Handbook, Sixth Edition, Volume 2"


How reports and alerts are reacted to, managed, and ultimately closed after being resolved.
The ITM program should address the interface, if any is required, between the ITM solution
and any system used to facilitate a response to a threat that is detected.













Integrated Threat Management  9
This is not an inclusive list of the components of an ITM solution but serves as a foundation to
develop a program that can grow and adapt as necessary. Finally, the program also serves to help
drive and support IT governance by ensuring that the ITM program (including all required documentation,
monitoring, reaction to events, etc.) is fully operational and receiving the required
support by upper management.
The ITM program should also include an IT security assessment of the implementation to
measure the compliance with industry best practices and organizational policies. The assessment
should review the ITM appliance or infrastructure to identify any vulnerabilities introduced, it
should review the rules implemented within the ITM, and it should validate that the rules are
being properly evaluated and processed by the ITM device. Finally, as part of the ITM program,
assessments and audits of the ITM infrastructure should be scheduled on a regular basis.
Pros and Cons of an ITM Solution
There are a number of benefits to the deployment and implementation of a successful ITM program.
Those benefits include consolidation, which typically drives cost and complexity, ease of
management, and integrated reporting.

