Stream: Hybrid Cloud & Networks
Time: 15:15 - 16:00
New security technologies are arriving all the time.. but none of them are worth it if you've overlooked the basics. - Effort vs Reward curve. Diagram drawing the analogy between price and quality.. and Technical effort and effective/quality of security More effort = more security but the curve flattens.. Here we'll concentrate on the beginning of the curve... the basics... - Know YOUR Rules ! How to adapt your rules to the mainframe (if possible) How to check your rules are being followed. Know what’s coming ? Whats new/changed/broken. ? - Everybody Identified ? Everything that happens in the system must be "loggable" + attributed to a userid.. Humans, machines, internal processes (possible..) - Everything protected... ALL Datasets.. ALL system Commands.. (displays ? ?) All system resources - IBM Z Specific Mechanisms... (Logstreams/BCPii etc) - Everything logged ? ICH408I and all its variants... SMF explained What to log, and what not to. (performance against cost..) - No functional privileges shared ? ( maybe same as above..) All users in functional group using the same userid ? - Everyone knows their role/responsibility ? Correct process for provisioning/de provision. What’s your decisional mandate when there's a problem ?
There is currently no attachment for The diminishing returns curve...or audit 101
Colman has been working in the IBM mainframe universe for almost 35 years. Originally as a TPF Assembler Application Programmer in the UK, Germany and France. After Settling in France in the early 2000's Colman migrated to z/OS Systems Programming and Architecture. He currently specialises in z/Systems project consulting with an emphasis on security and is heavily engaged in training up the next generation of mainframers.
Click here to give some Feedback so we can make it even better next year!