Close X

Securing loopholes in compliance in the z/OS environment


Presentation

Action Software have developed systems and management software since 1980.

Background on how the industry has moved from Industry Standards – ITIL, GDPR, CoBIT - to Compliance - Sox, PCI DSS and now EU-GDPR. How the industry and technology has advanced in a short space of time and compliance has evolved from Corporate to Member level.

The penalties for non-compliance.

We worked with a highly experienced IT Auditor to map Industry Standards, Frameworks and Deficiencies for the z/OS environment. We produced a 12-page document listing some of the key areas that might get forgotten but will be picked up by auditors. The document lists the Control Category, the relevant Industry Standard or Framework, the control requirements and the risk of taking no action. (It also lists where our product meets the objective. However, but is still a useful working document for anyone who wants to map their own risk analysis against it).

Copies of the document would be made available

Some of the main Key Risk Areas:   

Unauthorised Access 

Problem Detection

Restoring the System 

Back-up Availability

Undocumented Changes

Incomplete Audit Trail

Illegal Software Use

Aging Mainframe Personnel

Some of the control categories would then be discussed in more detail.

To-day, partly because of social media, any system problems a company experiences become public news very quickly. The longer a system is unavailable, the bigger the fines, compensation claims and bad publicity, etc.

The more that can be automated, including audit trails, the more compliant the system will be. Restoring a system to point of impact as soon as possible reduces the risks and financial impact.

(FE)

Stream: Enterprise Security
Room: Melbourne
Time: 10:30 - 11:30

Attachments

FE Attachments

Speakers


  • Sally Oliver at Action Software GmbH
  • Sally Oliver started her career in Accountancy and joined IBM in Bristol. She got promoted from the OP division to DP, managing a team of engineers. She then became one of the first 5 female DPCE Software Engineers in the country, supporting MVS, CICS, IMS and VSAM. She left to join a turnkey system provider whose product she supported throughout the UK and Europe. When she moved location, she joined PE Consulting Group working on IT projects for 5 years until the business was floated on the Stock Exchange. She started her own business and several projects for Brunel University and other education establishments, including IT training and working with small businesses on EU funded projects, and consulting for the Further Education Funding Council. For the last 2.5 years she has worked for Action Software GmbH.


    Email: sally.oliver@actionsoftware.ch

  • Sally Oliver at Action Software GmbH
  • Sally Oliver started her career in Accountancy and joined IBM in Bristol. She got promoted from the OP division to DP, managing a team of engineers. She then became one of the first 5 female DPCE Software Engineers in the country, supporting MVS, CICS, IMS and VSAM. She left to join a turnkey system provider whose product she supported throughout the UK and Europe. When she moved location, she joined PE Consulting Group working on IT projects for 5 years until the business was floated on the Stock Exchange. She started her own business and several projects for Brunel University and other education establishments, including IT training and working with small businesses on EU funded projects, and consulting for the Further Education Funding Council. For the last 2.5 years she has worked for Action Software GmbH.


    Email: sally.oliver@actionsoftware.ch

    Feedback

    Click here to give some Feedback so we can make it even better next year!