Greg, Others have given you more information than you probably wanted, but I am going to add one more. To the list of 11 items that Elardus supplied earlier in the day, I would add one more. His number 10 - Give them IBM's Statement of Integrity. APAR reasons for security are hidden and you are usually asked to apply them because of some 'vulnurability' which IBM usually declines to divulge. - should be enhanced to say "Give them a IBM's Statement Of Integrity as well as the Statement of Integrity for every other OEM software product you have installed as well as every in-house written application you have installed." While such a Statement does not 100% guarantee that no exposure exits; it does give the guarantee that if an exposure is found it will be corrected just as soon as possible. Any vendor that does not have such a Statement on file that they can readily supply indicates that they haven't given this subject much thought.
Russell Witt CA 1 Support Manager -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Greg Dorner Sent: Tuesday, March 27, 2012 10:07 AM To: [email protected] Subject: Malicious Software Protection Dear IBM-MAINers, Our auditors are insisting that we install a product that protects against malicious software (viruses, worms, trojans, etc.). Does anyone know of a product that does this? I heard that McAfee is coming out with a z/OS product "later this year", but I called them and they had no idea what I was talking about. z/OS, with proper security controls (and believe me - we have LOTS!) should not have to worry about such things, at least that's what I've always heard. Any input on this topic would be GREATLY appreciated!! Thanks, Greg Dorner, WPS Insurance Corp. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
