Presentation
The Diminishing Returns Curve...or Audit 101
DescriptionNew security technologies are arriving all the time.. but none of them are worth it if you've overlooked the basics.
- Effort vs Reward curve.
More effort = more security but the curve flattens..
- Know YOUR Rules !
How to adapt your rules to the mainframe (if possible)
How to check your rules are being followed.
Know what’s coming ? Whats new/changed/broken. ?
- Everybody Identified ?
Everything that happens in the system must be "loggable" + attributed to a userid..
Humans, machines, internal processes (possible..)
- Everything protected...
ALL Datasets..
ALL system Commands.. (displays ? ?)
All system resources - IBM Z Specific Mechanisms... (Logstreams/BCPii etc)
- Everything logged ?
ICH408I and all its variants...
SMF explained
What to log, and what not to. (performance against cost..)
- Everyone knows their role/responsibility ?
Correct process for provisioning/de provision.
What’s your decisional mandate when there's a problem ?
- Effort vs Reward curve.
More effort = more security but the curve flattens..
- Know YOUR Rules !
How to adapt your rules to the mainframe (if possible)
How to check your rules are being followed.
Know what’s coming ? Whats new/changed/broken. ?
- Everybody Identified ?
Everything that happens in the system must be "loggable" + attributed to a userid..
Humans, machines, internal processes (possible..)
- Everything protected...
ALL Datasets..
ALL system Commands.. (displays ? ?)
All system resources - IBM Z Specific Mechanisms... (Logstreams/BCPii etc)
- Everything logged ?
ICH408I and all its variants...
SMF explained
What to log, and what not to. (performance against cost..)
- Everyone knows their role/responsibility ?
Correct process for provisioning/de provision.
What’s your decisional mandate when there's a problem ?
Event Type
Technical Session
TimeTuesday, February 243:45pm - 4:45pm EST
LocationSalon 14
Security and Compliance
Service Delivery