Stream: Stowe
Time: 15:15 - 16:00
New security technologies are arriving all the time, but none of them are worth it if you've overlooked the basics.

- Effort vs. reward curve: a diagram drawing the analogy between price and quality, and between technical effort and the effectiveness/quality of security. More effort = more security, but the curve flattens. Here we'll concentrate on the beginning of the curve: the basics.
- Know YOUR rules! How to adapt your rules to the mainframe (if possible). How to check your rules are being followed. Know what's coming? What's new/changed/broken?
- Everybody identified? Everything that happens in the system must be "loggable" and attributed to a userid: humans, machines, internal processes (possible...).
- Everything protected: ALL datasets, ALL system commands (displays?), all system resources.
- IBM Z specific mechanisms (Logstreams/BCPii etc.).
- Everything logged? ICH408I and all its variants. SMF explained. What to log, and what not to (performance against cost).
- No functional privileges shared? (Maybe same as above.) All users in a functional group using the same userid?
- Everyone knows their role/responsibility? Correct process for provisioning/deprovisioning. What's your decisional mandate when there's a problem?