Stream: Virtual Room 3
Time: 11:15 - 12:00
- Effort vs Reward curve.
Diagram drawing the analogy between price and quality, and technical effort and effectiveness/quality of security.
More effort = more security, but the curve flattens.
Here we'll concentrate on the beginning of the curve... the basics...
- Know YOUR Rules!
How to adapt your rules to the mainframe (if possible).
How to check your rules are being followed.
Know what's coming? What's new/changed/broken?
- Everybody Identified?
Everything that happens in the system must be "loggable" and attributed to a userid.
Humans, machines, internal processes (possible...)
- Everything protected...
ALL Datasets.
ALL system Commands. (displays?)
ALL system resources - IBM Z Specific Mechanisms... (Logstreams/BCPii etc.)
- Everything logged?
ICH408I and all its variants...
SMF explained
What to log, and what not to (performance against cost).
- No functional privileges shared? (maybe same as above...)
All users in a functional group using the same userid?
- Everyone knows their role/responsibility?
Correct process for provisioning/deprovisioning.
What's your decisional mandate when there's a problem?
There is currently no attachment for The diminishing returns curve...or audit 101
Colman O'CARROLL, Mainframe Trainer. Colman has been working in the IBM mainframe universe for almost 35 years, originally as a TPF Assembler Application Programmer in the UK, USA, Germany and France. After settling in France in the early 2000s, Colman migrated to z/OS Systems Programming and Architecture. He currently specialises in z/Systems project consulting with an emphasis on security and is heavily engaged in training up the next generation of mainframers.