
HP Enterprise Security Governance Services

HP ENTERPRISE SECURITY GOVERNANCE

Peace of mind for a complex and interconnected information ecosystem

At-a-glance

Your enterprise is part of a huge and complex information ecosystem, one where contracts, outsourcing agreements, internal collaboration sites, and electronic data exchange link you to customers, suppliers, and multiple IT service providers. And even though you safeguard information assets internally, how do IT service providers handle your information? Security provisions exist in your contracts and outsourcing agreements, of course; but how can you be sure your service providers are applying appropriate controls, and that those controls actually protect your information?

Governance that goes beyond the firewall

HP Enterprise Security Governance services help integrate and maintain your security processes and policies in alignment with business drivers, legal and regulatory requirements, and threat profiles. We offer governance services for your interactions with all your service providers, including HP. These governance services position you to respond quickly to security and compliance challenges, and to manage and control those challenges successfully and effectively.

HP Information Security Management (ISM)

HP Information Security Management comprises a range of security management services, all designed to provide independent assurance that service providers protect your information assets in line with your security policies and standards. Information Security Management sits between you and your IT service providers, including HP, and gives you an independent, enterprise-wide view of compliance.

Instead of juggling several different service providers for security matters, you deal only with an HP ISM Security Manager. This professional can act on your behalf for information security issues around your IT infrastructure. HP ISM collects and analyses security compliance and risk information, providing you with assurance that service providers are applying the required security controls. If an issue arises, your ISM Security Manager coordinates the activities of service providers to resolve it.

Here are details of some specific ISM services:

•Information Security Risk Management—identifying, recording, and analysing risks related to IT services delivered by outside providers and within your IT infrastructure; this service keeps you apprised of risks in your IT infrastructure and assures you they are treated in line with your IT budget and risk appetite, and it identifies where other ISM services should be targeted for maximum effectiveness

•Compliance Assurance Management—monitoring, verifying, auditing, and reporting against the security controls employed by your IT service providers to help ensure that noncompliances are effectively and robustly managed

•Threat and Vulnerability Management—monitoring potential threat sources (e.g., vendors, independent websites, etc.) to identify threats and vulnerabilities that could adversely affect your systems, services, or information. The service also coordinates responses, minimizing impact to your business

•System Certification Management—assuring you that new or updated IT systems and services have been designed to operate in compliance with your security policies as well as applicable standards required by government or regulatory bodies

•Policy Management—maintenance of your security policy portfolio

•Change Management—inspection and review of change requests to determine their impact on security

•Awareness—delivering consistent messages across your supplier communities

•Incident Management—coordination of major security incident responses across your service providers

•Problem Management—post-incident investigation support and analysis of security incidents

•IT Security Health Check & Penetration Test Management, Computer Forensic Management, & Covert Access Management—facilitation, review, analysis, representation, and recommendation for these security issues

•Security Scanning—infrastructure auditing

•Enterprise Security Event Management—critical infrastructure monitoring (in conjunction with HP Managed Security Services)

HP ISM gives you an end-to-end view of both your security posture and that of your service providers. It is your assurance of effective security throughout your connections to the information ecosystem.

Account Security Management (ASM)

If you depend on outsourced services—such as desktop computing or hosting—from HP, HP ASM is the means by which you are provided with confidence in their secure operation. ASM is embedded within the governance layer of HP’s service delivery, ensuring that HP, as your service provider, applies all the security controls mandated in your outsourcing agreement and associated contracts. As with ISM, a key benefit of ASM is a client-specific contact person, known here as the HP Account Security Officer. This security professional is part of the HP organization, ensuring the effective application and monitoring of security.

© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.

4AA3-9671ENW, Created February 2012

HP Secure Boardroom

HP Secure Boardroom is a hosted secure Web portal that provides a total view of your enterprise information security by consolidating and aggregating security data collected from your IT infrastructure and presenting it as an easily understandable graphical display. You can quickly view the status of risk-related issues, gain insight and information about security weaknesses, and recommend operational and process improvements that result in an enhanced security and risk posture. HP Secure Boardroom gives you the visibility and control to make business decisions based on actual risk assessments; it is a single point of reference you can trust.

Features include:

•Encrypted Web portal access—provides secure and controlled availability of your data anytime, from virtually anywhere

•Clear, streamlined presentation—aggregates and simplifies complex information security data so you can report with confidence at a corporate level

•Managed access control—lets you define individual permission levels for confidential data

•Integration with leading vendor software—displays up-to-date threat feeds and security event reporting, all in one place

•Standardized reporting output—produces reports quickly from multiple data sources

•Benchmarking tool—allows easy comparison and assessment of your security posture

Why HP for Enterprise Security Governance

HP Enterprise Security Governance brings together the very best of our experienced and professional security governance experts to deliver a wide range of adaptable, field-proven, business-focused governance services. These governance services can support change throughout the entire Assess, Transform, Optimize, and Manage (ATOM) security lifecycle, and will help your organization to apply security investments that target and reduce the most important information risks. You gain more confidence in your IT infrastructure and a better ability to securely exploit business opportunities.

For more information

www.hp.com/enterprise/security

[Figure labels: Your organization; Secure Boardroom; HP ISM service delivery manager; HP Information Security Management (ISM); HP Account Security Management; HP account security officer; Service provider (×4)]