In “Introducing a maturity model for employee offboarding controls” on page 17, we introduce a maturity model for offboarding security processes. Different organizations may accept varying risk levels in regards to offboarding and they may want to investment differently for offboarding control processes. The maturity model is designed to accommodate these differences.
Finally, in “IBM solutions to address maturity levels” on page 18, we sketch out some of the different products and services that can be applied at each of the maturity levels.
Introducing the IBM Security Framework and IBM Security Blueprint
Business leaders are expected to manage risk in their areas of responsibility in the same way that CFOs manage risks in their domains. Security risks and the potential impact on IT need to be communicated to executive peers in business terms. Additionally, they need to align IT security controls with their business processes, monitor and quantify IT risk in business terms, and dynamically drive business-level insight at the executive level. They need to manage risk and orchestrate security operations in a way that enforces compliance and optimizes business results.
IBM created a comprehensive IT security framework to describe key business security concerns, as shown in Figure 1.
Figure 1 The IBM Security Framework
The IBM Security Framework groups concerns into five key security domains, shown at the center of the diagram. These domains are wrapped by the unifying topic of Security Governance, Risk Management, and Compliance.
While the IBM Security Framework addresses business oriented concerns, the IBM Security Blueprint describes a technology-agnostic and solution-agnostic view of the security management processes and security controls that need to be in place to address the business security concerns.
Using the IBM Security Blueprint to Address Business Risks for Employee Offboarding