Security

Every minute of a typical workday, RACF is bombarded with hundreds, if not thousands, of requests to validate user IDs and passwords and to verify users are authorized to access resources. Almost every user action prompts a RACF check, whether to execute a program, log on to a particular CICS region, open a data set, enter an IMS transaction, access a DB2 table, initiate an operator command, perform a storage administration function, or run a Time Sharing Option (TSO) logon procedure. All the while, RACF is updating last used dates on user IDs during logons, responding to RACF commands, and initiating System Management Facilities (SMF) logging. Many of these tasks require RACF to perform I/O to its primary database and sometimes to the backup, too. Any requests that arrive while RACF is busy are placed in a queue to wait their turn. Many requestors can’t proceed until they’ve received RACF’s response. Work throughout the system can bog down while RACF works its way through any backlogs…


Despite well-publicized federal sensitive data protection, Personal Identity Protection (PIP) and Security Breach Notification (SBN) legislation, such as Sarbanes-Oxley (SOX), the Health Insurance Portability and Accountability Act (HIPAA) and the Gramm-Leach-Bliley Act (GLB), reports of personal data security breaches due to stolen or missing backup tapes continue to appear almost daily. Disk and tape storage containing sensitive data is released to the public daily when leases on enterprise storage systems expire and the systems are returned to lease holders. No one records how much corporate and personal data is exposed when this equipment is put out into the pre-owned market, but stories abound of disk and tape containing sensitive corporate and personal data being available on eBay. The Privacy Rights Clearinghouse (www.privacyrights.org/ar/ChronDataBreaches.htm) reported at least 80 data privacy incidents in 2006 just through April, affecting potentially 5 million individuals. To date, 33 U.S. states have serious PIP and SBN legislation. The majority join California in requiring that companies notify customers any time “unencrypted” personal information is lost. Seven of these states went further, requiring secure erasure of all electronic disk and tape storage before disposal.


Compliance Options: GRC, Master Data, and You

Sarbanes-Oxley, HIPAA, Basel II, privacy laws—they all have something in common. They expect you to assess risk to your data and then to employ formal governance in managing that risk. Data-savvy companies have recognized this and have designed their Data Management objectives to meet not only operational requirements, but also Governance, Risk, and Compliance (GRC) requirements…


Mainframes are here to stay; they’ll continue to serve as the repositories and guardians of key corporate and governmental data. From a security perspective, their ability to efficiently process large amounts of data while protecting it from unauthorized access is unparalleled. Simultaneously, the growth of the Internet as a communications medium has placed new demands for immediate access to data stored on mainframe systems by ever larger audiences. This increased demand, coupled with the loss of mainframe technical skills among IT personnel, is threatening the mainframes’ ability to maintain the high level of data security they’ve traditionally provided…


Change Happens: Compliance and You

Considering the various accounting scandals and irregularities over the past few years, it’s easy to see how compliance and accountability at the C-level (i.e., CEO, CFO, CIO, etc.) became mandatory (see Figure 1). As a result, regulatory bodies now mandate controls that encompass everything from financial statements at the high level to the operating system at the low level (see Figure 2)…


In recent months, several major banks around the world have been hit with security breaches, requiring them to send their customers alerts and, in some cases, new debit cards. Whether due to hacking, disgruntled employees or simple loss of data tapes in transport, recent news stories have made it abundantly clear that most organizations aren’t doing enough to safeguard sensitive information. And financial institutions aren’t the only ones at risk. The Justice Department is the latest example of increasing security horror stories. …


As critical business data flows across the digital universe, it carries with it an ongoing threat to an enterprise’s security. Even static data originating or residing on servers or mainframe platforms is susceptible to compromises due to new or emerging security threats. Plus, backup files transferred to off-site storage facilities can be lost, misplaced, or stolen. …
