Empowering Security and Compliance Management for the z/OS RACF Environment using IBM Tivoli Security Management for z/OS PDF Download

Author: Axel Buecker
Publisher: IBM Redbooks
ISBN: 0738450200
Category : Computers
Languages : en
Pages : 52

View

Book Description
Every organization has a core set of mission-critical data that requires protection. Security lapses and failures are not simply disruptions, they can be catastrophic events with consequences felt across the enterprise. The inadvertent mistakes of privileged users alone can result in millions of dollars in damages through unintentional configuration errors and careless security commands. Malicious users with authorized access can cause even greater damage. As a result, security management faces a serious challenge to adequately protect a company's sensitive data. Likewise, IT staff is challenged to provide detailed audit and controls documentation in the face of increasing demands on their time. Automation and simplification of security and compliance processes can help you meet these challenges and establish effective, sustainable user administration and audit solutions. This includes security database cleanup, repeatable audit of configurations and settings, and active monitoring of changes and events. IBM Tivoli Security Management for z/OS V1.11 provides these solutions to help enhance the security of mainframe systems through automated audit and administration. In this IBM® RedpaperTM document we discuss how Tivoli® Security Management for z/OS® allows you to submit mainframe security information from z/OS, RACF®, and DB2® into an enterprise audit and compliance solution and how to combine mainframe data from z/OS, RACF, and DB2 with that from other operating systems, applications, and databases in order to provide the ability to capture comprehensive log data, interpret that data through sophisticated log analysis, and communicate results in an efficient, streamlined manner for full enterprise-wide audit and compliance reporting.

Author: Axel Buecker
Publisher: IBM Redbooks
ISBN: 0738434469
Category : Computers
Languages : en
Pages : 464

View

Book Description
To comply with government and industry regulations, such as Sarbanes-Oxley, Gramm Leach Bliley (GLBA), and COBIT (which can be considered a best-practices framework), organizations must constantly detect, validate, and report unauthorized changes and out-of-compliance actions within the Information Technology (IT) infrastructure. Using the IBM® Tivoli Security Information and Event Manager solution organizations can improve the security of their information systems by capturing comprehensive log data, correlating this data through sophisticated log interpretation and normalization, and communicating results through a dashboard and full set of audit and compliance reporting. In this IBM Redbooks® publication, we discuss the business context of security audit and compliance software for organizations and describe the logical and physical components of IBM Tivoli Security Information and Event Manager. We also present a typical deployment within a business scenario. This book is a valuable resource for security officers, administrators, and architects who want to understand and implement a centralized security audit and compliance solution.

Author: Bill White
Publisher: IBM Redbooks
ISBN: 0738461172
Category : Computers
Languages : en
Pages : 136

View

Book Description
Non-compliance can lead to increasing costs. Regulatory violations involving data protection and privacy can have severe and unintended consequences. In addition, companies must keep pace with changes that arise from numerous legislative and regulatory bodies. Global organizations have the added liability of dealing with national and international-specific regulations. Proving that you are compliant entails compiling and organizing data from multiple sources to satisfy auditor's requests. Preparing for compliance audits can be a major time drain, and maintaining, updating, and adding new processes for compliance can be a costly effort. How do you keep constant changes to regulations and your security posture in check? It starts with establishing a baseline: knowing and understanding your current security posture, comparing it with IBM Z® security capabilities, and knowing the latest standards and regulations that are relevant to your organization. IBM Z Security and Compliance Center can help take the complexity out of your compliance workflow and the ambiguity out of audits while optimizing your audit process to reduce time and effort. This IBM Redbooks® publication helps you make the best use of IBM Z Security and Compliance Center and aid in mapping all the necessary IBM Z security capabilities to meet compliance and improve your security posture. It also shows how to regularly collect and validate compliance data, and identify which data is essential for auditors. After reading this document, you will understand how your organization can use IBM Z Security and Compliance Center to enhance and simplify your security and compliance processes and postures for IBM z/OS® systems. This publication is for IT managers and architects, system and security administrators

Author: Axel Buecker
Publisher: IBM Redbooks
ISBN: 0738435880
Category : Computers
Languages : en
Pages : 494

View

Book Description
Every organization has a core set of mission-critical data that must be protected. Security lapses and failures are not simply disruptions—they can be catastrophic events, and the consequences can be felt across the entire organization. As a result, security administrators face serious challenges in protecting the company's sensitive data. IT staff are challenged to provide detailed audit and controls documentation at a time when they are already facing increasing demands on their time, due to events such as mergers, reorganizations, and other changes. Many organizations do not have enough experienced mainframe security administrators to meet these objectives, and expanding employee skillsets with low-level mainframe security technologies can be time-consuming. The IBM® Security zSecure suite consists of multiple components designed to help you administer your mainframe security server, monitor for threats, audit usage and configurations, and enforce policy compliance. Administration, provisioning, and management components can significantly reduce administration, contributing to improved productivity, faster response time, and reduced training time needed for new administrators. This IBM Redbooks® publication is a valuable resource for security officers, administrators, and architects who wish to better understand their mainframe security solutions.

Author: Bill White
Publisher: IBM Redbooks
ISBN: 0738460222
Category : Computers
Languages : en
Pages : 274

View

Book Description
This IBM® Redpaper Redbooks® publication provides a broad explanation of data protection through encryption and IBM Z® pervasive encryption with a focus on IBM z/OS® data set encryption. It describes how the various hardware and software components interact in a z/OS data set encryption environment. In addition, this book concentrates on the planning and preparing of the environment and offers implementation, configuration, and operational examples that can be used in z/OS data set encryption environments. This publication is intended for IT architects, system programmer, and security administrators who plan for, deploy, and manage security on the Z platform. The reader is expected to have a basic understanding of IBM Z security concepts.

Author: Keith Winnard
Publisher: IBM Redbooks
ISBN: 0738441279
Category : Computers
Languages : en
Pages : 50

View

Book Description
This IBM® Redbooks® publication helps you to become familiar with the technical changes that were introduced to the security areas with IBM z/OS® V2R2. The following chapters are included: - Chapter 1, "RACF updates" on page 1: In this chapter, we describe the read-only auditor attribute, password security enhancements, RACDCERT (granular certificate administration), UNIX search authority, and RACF Remote sharing facility (RRSF). - Chapter 2, "LDAP updates" on page 13: In this chapter, we describe the activity log enhancements, compatibility level upgrade without LDAP outage, dynamic group performance enhancements, and replication of password policy attributes from a read-only replica. - Chapter 3, "PKI updates" on page 21: In this chapter, we describe the Network Authentication Service (KERBEROS) PKINIT, PKI nxm authorization, PKI OCSP enhancement, and RACDCERT (granular certificate administration) - Chapter 4, "z/OS UNIX search and file execution authority" on page 27: z/OS UNIX search authority, z/OS UNIX file execution, Examples for exploiting the new functions This book is one of a series of IBM Redbooks that take a modular approach to providing information about the updates that are included with z/OS V2R2. This approach has the following goals: - Provide modular content - Group the technical changes into a topic - Provide a more streamlined way of finding relevant information that is based on the topic We hope you find this approach useful and we welcome your feedback.

Author: Lydia Parziale
Publisher: IBM Redbooks
ISBN: 0738454192
Category : Computers
Languages : en
Pages : 50

View

Book Description
This IBM® RedpaperTM provides a broad understanding of the components necessary to secure your IBM z Systems environment. It provides an end-to-end architectural reference document for a use case that employs both mobile and analytics. It also provides an end to end explanation of security on z Systems from the systems of record through the systems of engagement. Security is described in terms of transactions, covering what happens after a transaction hits the system of engagement and what needs to be in place from that moment forward. The audience for this paper is IT architects and those planning to use z Systems for their mobile and analytics environments.

Author: Axel Buecker
Publisher:
ISBN:
Category : Computer networks
Languages : en
Pages : 494

View

Book Description
Every organization has a core set of mission-critical data that must be protected. Security lapses and failures are not simply disruptions--they can be catastrophic events, and the consequences can be felt across the entire organization. As a result, security administrators face serious challenges in protecting the company's sensitive data. IT staff are challenged to provide detailed audit and controls documentation at a time when they are already facing increasing demands on their time, due to events such as mergers, reorganizations, and other changes. Many organizations do not have enough experienced mainframe security administrators to meet these objectives, and expanding employee skillsets with low-level mainframe security technologies can be time-consuming. The IBM® Security zSecure suite consists of multiple components designed to help you administer your mainframe security server, monitor for threats, audit usage and configurations, and enforce policy compliance. Administration, provisioning, and management components can significantly reduce administration, contributing to improved productivity, faster response time, and reduced training time needed for new administrators. This IBM Redbooks® publication is a valuable resource for security officers, administrators, and architects who wish to better understand their mainframe security solutions.

Author: Axel Buecker
Publisher: IBM Redbooks
ISBN: 0738436984
Category : Computers
Languages : en
Pages : 422

View

Book Description
Organizations today are more widely distributed than ever before, which can make systems management tasks, such as distributing software, patches, and security policies, extremely challenging. The IBM® Tivoli® Endpoint Manager platform is architected for today's highly diverse, distributed, and complex IT environments. It provides real-time visibility and control through a single infrastructure, single agent, and single console for systems lifecycle management, endpoint protection, and security configuration and vulnerability management. This platform enables organizations to securely manage their global IT infrastructures faster and more accurately, resulting in improved governance, control, visibility, and business agility. Plus, it gives organizations the ability to handle tomorrow's unforeseen challenges. In this IBM Redbooks® publication, we provide IT security professionals with a better understanding around the challenging topic of endpoint management in the IT security domain. We focus on IBM Tivoli Endpoint Manager for Security and Compliance and describe the product architecture and provide a hands-on design guide for deploying the solution. This book is a valuable resource for security professionals and architects who want to understand and implement a centralized endpoint management infrastructure and endpoint protection to better handle security and compliance challenges.

Author: Paul Rogers
Publisher: IBM.Com/Redbooks
ISBN: 9780738489858
Category : Computers
Languages : en
Pages : 0

View

Book Description
This IBM Redbooks publication describes the implementation of RACF℗ʼ in z/OS℗ʼ Version 1 Release 8. This release continues to deliver industry leadership for security. Improvements have been introduced to further enhance the security-rich environment z/OS users rely on. These enhancements include: - RACF support for virtual key rings to treat the collection of all the certificates owned by one user ID, including the SITE and CERTAUTH reserved user IDs, as an independent key ring. The use of the CERTAUTH virtual key ring will help to eliminate the need to manually create multiple real key rings for SSL-enabled z/OS client applications such as FTP. - RACF template extensions allow templates to expand beyond their current 4K size. - RACF supports the use of passwords longer than eight characters, now called password phrases. - The RACF access control module exit, DSNXRXAC, has changed substantially with DB2℗ʼ version 9. A RACF administrators can now define a security rule before an object is created and preserve the rule for a dropped object. In addition, RACF general resources for member and group profiles can be used by an installation to protect multiple DB2 resources with a single RACF profile. - A new parameter on the IRRUT200 utility tells the utility to activate the backup data set printed to as output. This is accomplished by the utility internally issuing an RVARY ACTIVE for the backup data set after the copy is complete. IRRUT200 and IRRUT400 utilities now check whether their output data sets are active primary or backup RACF data sets on this system. - RACF in z/OS V1R8 provides a solution to some functional gaps in the way that change logging of RACF profile updates were reflected in z/OS LDAP, and an enhancement is made to LISTUSER to demonstrate whether password enveloping is enabled for a user. In addition to describing the new features, this book includes detailed steps for implementing these enhancements. It explains how to configure them for your installation and how to use them to increase the security of your environment.