Test 889: Fundamentals of Enterprise Solutions Using IBM Tivoli Security 2007



Section 1 - Establish the Customer's Baseline (planning/inventory)

  1. Given the company organization chart, schedule an introductory meeting with customer sponsor and all interested parties so that a list of key players and decision makers with corresponding roles and responsibilities is created.

  2. With emphasis on performing the following steps:
    1. Identify customer sponsor.
    2. Schedule an introductory meeting with customer sponsor and all interested parties.
    3. Record key names and identify key players, including key decision makers.
    4. Verify that key players and decision makers are valid.
    5. Match key players with key security functionality within the organization.
    6. Compile a final list of key players and decision makers (title, contact information, etc.).

  3. Given a list of key decision makers, interview key decision makers and compile the customer’s security requirements so that a document is created containing the customer’s business and desired security requirements.

  4. With emphasis on performing the following steps:
    1. Document the customer’s business requirements.
    2. Obtain customer’s immediate business/security needs.
    3. Obtain customer’s long term business/security vision.
    4. Schedule meetings with key decision makers.
    5. Interview key decision makers.
    6. Gather customer’s stated security requirements.
    7. Compile a list of governing standards that affect security direction and customer.
    8. Document customer’s stated security requirements.
    9. Compile a list of desired security requirements from customer. This may include (single enterprise or federated):
      --authentication
      --authorization
      --audit compliance
      --identity management
      --provisioning
      --privacy management
      --risk management
      --single sign-on
    10. Document customer’s stated security requirements.

  5. Given the availability of customer key personnel, describe the networking, operating systems, relational databases, applications (Java, .NET, etc.) and key vendor (SAP, Siebel, PeopleSoft, etc.) environments within the customer organization so that a document is produced that properly describes the customer environments.

  6. With emphasis on performing the following steps:
    1. Request information on networking, operating systems, relational databases, applications and key vendor environments.
    2. Validate that the customer-reported environment is accurate and up to date.
    3. Interview and meet with the technical owners of the networking, operating systems, relational databases, applications and key vendor environments to discuss potential impact on overall security design.
    4. Document findings as they relate to the security infrastructure.

  7. Given a customer contact, obtain a description of the IT and business organizational structure and create a document that represents the organizational structure within the customer environment so that the IT and business organizational structures are documented.

  8. With emphasis on performing the following steps:
    1. Request IT and business organizational structure information from customer.
    2. Process information received.
    3. Compile the results of the processed information.
    4. Create document that represents the IT and business organizational structures within the customer environment.

  9. Given a list of the customer’s business processes, identify the key areas of the processes that relate to security so that the customer’s current business processes are documented including any gaps.

  10. With emphasis on performing the following steps:
    1. Identify key areas in the business process that relate to security, such as:
      --user administration
      --password change requests
      --user validation
      --user productivity
      --new initiative deployment
      --audit/compliance
      --provisioning
    2. Create a process map.
    3. Create a gap analysis.

  11. Given the availability of the information and key persons, document the customer’s IT process maturity as it relates to security by creating an overall IT Security process maturity document.

  12. With emphasis on performing the following steps:
    1. Request information on the practice of IT process maturity as it relates to security. This may include:
      --authentication
        >multifactor
        >common strong
      --authorization
        >privileges
      --audit/compliance
        >event audit-ability
      --identity management
        >common administration of users
      --provisioning
        >workflow
      --risk management
        >common point of security management
      --privacy management
        >privacy enforcement policy
      --single sign-on (distinguish between enterprise and web)
    2. Interview the overall Information Technology Owner and the Security Owner if applicable.
    3. Compile information received.
    4. Create a document that outlines the customer IT process maturity as it relates to security.

  13. Given the documents describing a customer’s current security environment, combine the documents so that the customer's baseline is documented.

  14. With emphasis on performing the following step:
    1. Combine the documents.

Section 2 - Evaluate the Customer's IT Processes, People, and Technologies

  1. Given in-house security standards documents, certification requirements, and IBM security standards documents, retrieve existing in-house standards and certification requirements, taking into account relevant international (government or civil) standards so that a document describing relevant security standards and certification requirements is available for the project.

  2. With emphasis on performing the following steps:
    1. Retrieve existing in-house standards and certification requirements.
    2. Advise on relevant international (government or civil) standards.

  3. Given the customer baseline document, evaluate the baseline to identify authorization, authentication, enterprise single sign-on, audit/compliance, identity management, provisioning, risk management, and privacy scenarios so that a document describing the security scenarios to scope the project is created.

  4. With emphasis on performing the following steps:
    1. Evaluate baseline to identify authorization scenarios.
    2. Evaluate baseline to identify authentication scenarios.
    3. Evaluate baseline to identify single sign-on scenarios.
    4. Evaluate baseline to identify audit/compliance scenarios.
    5. Evaluate baseline to identify identity management scenarios.
    6. Evaluate baseline to identify provisioning scenarios.
    7. Evaluate baseline to identify risk management scenarios.
    8. Evaluate baseline to identify privacy scenarios.
    9. Document security scenarios.

  5. Given the customer's baseline and security scenarios, analyze business processes from a security perspective so that a document describing true security requirements is created.

  6. With emphasis on performing the following steps:
    1. Analyze business processes from an authorization perspective.
    2. Analyze business processes from an authentication/single sign-on perspective.
    3. Analyze business processes from an audit/compliance perspective.
    4. Analyze business processes from an identity management perspective.
    5. Analyze business processes from a provisioning perspective.
    6. Analyze business processes from a risk management perspective.
    7. Analyze business processes from a privacy perspective.
    8. Document business scenarios and their security impact.

Section 3 - Identify Security Opportunities

  1. Given the customer’s baseline and true security requirements, perform an analysis so that a document describing the gaps in the customer’s security environment is produced.

  2. With emphasis on performing the following steps:
    1. Analyze customer’s baseline document against industry and international (government or civil) standards and regulations to identify gaps.
    2. Analyze the customer’s security requirements document against industry and international (government or civil) standards and regulations to identify gaps.
    3. Analyze the customer’s baseline and security requirements to determine security gaps in customer’s current environment with respect to their security goals (for example, if a customer wants to implement self care).
    4. Document gaps in customer's security plan.

  3. Given the understanding of the customer’s true security requirements and the understanding of Tivoli's security offerings (including IBM, other Tivoli, and Tivoli Partner products), match the customer’s security requirements to Tivoli security solutions and consolidate into a single document identifying those opportunities.

  4. With emphasis on performing the following steps:
    1. Identify delta in Tivoli security software offerings vs. customer’s true security requirements, for example:
      --IBM – SSL accelerator cards or ThinkPad fingerprint reader
      --Partner products – PKI, nCipher
      --Tivoli security products like Identity Manager etc.
    2. Make recommendations to fill gap.
    3. Record findings.

  5. Given the understanding of the customer, industry and IBM/Tivoli’s long-range vision for security solutions, define long-range vision for future direction of customer’s security solutions and consolidate into a single document.

  6. With emphasis on performing the following steps:
    1. Analyze customer documents or results of interviews expressing vision to determine influence on future direction.
    2. Analyze the current security industry standards to determine influence on future direction.
    3. Analyze IBM/Tivoli’s security vision to determine influence on future direction.
    4. Incorporate the current security industry standards into future direction.

Section 4 - Create, Justify, and Deliver Solution Design/Recommendation

  1. Given the documents previously generated (baseline, evaluation results, identified security opportunities), describe the solution’s design comprehensively so that the customer has a clear idea of the value of the proposed solution.

  2. With emphasis on performing the following steps:
    1. Explain IBM/Tivoli’s security strategy.
    2. List the recommended IBM Tivoli security solution and describe its business value.
    3. Describe the technical value of recommended IBM Tivoli security solution.
    4. Describe general security concepts related to recommended customer solution.
    5. Assess customer’s skill set against recommended IBM Tivoli security solution.
    6. Explain “Best Practices” for IT processes as they relate to the solution.
    7. Create business case justification for project.
    8. Differentiate IBM security solution from competitors.
    9. Identify scope of customer’s operational IT environment as it relates to the solution.
    10. Identify roles required to implement IBM Tivoli security solution in customer’s environment.
    11. Assess the potential impact to the customer’s current environment.
    12. Highlight performance and availability characteristics of recommended customer’s security solution.
    13. Describe IBM Tivoli security products, functionality, and integration points involved in the customer solution.

  3. Given a list of Tivoli products in the solution and results of prior and ongoing interactions with customer personnel, provide the customer with a document describing recommended education.

  4. With emphasis on performing the following steps:
    1. Gather educational materials relevant to security requirements.
    2. Disseminate recommended educational opportunities and related materials relevant to the recommended solution.

  5. Given the solution design document and education recommendations, create a transition document so that interested parties can review it.

  6. With emphasis on performing the following steps:
    1. Describe any security-related examination services available, i.e. security readiness, security reviews, etc.
    2. Create a transition plan (recommended solution and education).
    3. Make transition plan available for interested parties.

Test registration

Authorized Prometric test centers (worldwide testing)