[Default] On 16 Jan 2018 10:06:05 -0800, in bit.listserv.ibm-main sme...@gmu.edu (Seymour J Metz) wrote:
>The text blaming z/OS for inept security management is bad enough, but I >found "In fact, it can be difficult to get a lot of documentation on how >mainframes work online" to be truly precious. IBM documentation is voluminous but if a shop isn't staffed with people who read and understand the necessary manuals, security will stink. It also isn't enough to have a secure operating system. It must be properly configured. The applications have to be written with security in mind. The organization must make sure its employees understand the need for security and follow good practices. The vulnerability can be in a web-server or improperly secured networks. From what little I have read here, I am still wondering if zIIP and zAAp processors present a security risk and if I understand it correctly that zIIP and zAAP code runs under an SRB. In addition the devices that connect to the mainframe can be a security hole. In short, my belief is that the organizations approach to security probably matters more the operating system and hardware chosen. Clark Morris ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
