sorry to interfere, but there are compliance tools to help you find the gap between vendor requirements and reality. IBM, Vanguard, CA and of course us has tools. We just automated the process of compliance checks and send the results from many so called legacy systems to a single server, so the process is completely human free. have a look at www.securiteam.co.il.
ITschak On Tue, Jan 16, 2018 at 11:44 PM, Clark Morris <cfmpub...@ns.sympatico.ca> wrote: > [Default] On 16 Jan 2018 10:06:05 -0800, in bit.listserv.ibm-main > sme...@gmu.edu (Seymour J Metz) wrote: > > >The text blaming z/OS for inept security management is bad enough, but I > found "In fact, it can be difficult to get a lot of documentation on how > mainframes work online" to be truly precious. > > > IBM documentation is voluminous but if a shop isn't staffed with > people who read and understand the necessary manuals, security will > stink. It also isn't enough to have a secure operating system. It > must be properly configured. The applications have to be written with > security in mind. The organization must make sure its employees > understand the need for security and follow good practices. The > vulnerability can be in a web-server or improperly secured networks. > From what little I have read here, I am still wondering if zIIP and > zAAp processors present a security risk and if I understand it > correctly that zIIP and zAAP code runs under an SRB. In addition the > devices that connect to the mainframe can be a security hole. > > In short, my belief is that the organizations approach to security > probably matters more the operating system and hardware chosen. > > Clark Morris > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > -- ITschak Mugzach *|** IronSphere Platform* *|* *Information Security Contiguous Monitoring for Legacy **| * ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
