Stream: Virtual Room 3
Time: 11:15 - 12:00
- Effort vs Reward curve.
Diagram drawing the analogy between
price and quality..
and
Technical effort and effective/quality of security
More effort = more security but the curve flattens..
Here we'll concentrate on the beginning of the curve... the basics...
- Know YOUR Rules !
How to adapt your rules to the mainframe (if possible)
How to check your rules are being followed.
Know what’s coming ? Whats new/changed/broken. ?
- Everybody Identified ?
Everything that happens in the system must be "loggable" + attributed to a userid..
Humans, machines, internal processes (possible..)
- Everything protected...
ALL Datasets..
ALL system Commands.. (displays ? ?)
All system resources - IBM Z Specific Mechanisms... (Logstreams/BCPii etc)
- Everything logged ?
ICH408I and all its variants...
SMF explained
What to log, and what not to. (performance against cost..)
- No functional privileges shared ? ( maybe same as above..)
All users in functional group using the same userid ?
- Everyone knows their role/responsibility ?
Correct process for provisioning/de provision.
What’s your decisional mandate when there's a problem ?
Email: TBA@gse.org.uk
Click here to give some Feedback so we can make it even better next year!