Security

Which RACF class has grown from housing a few profiles to housing more than 100? Which class has grown into a major player in the control of many key z/OS services? It also has recently grown from a single class into one with a companion member-grouping class pair. You’d be correct if you answered the FACILITY class. But what services are taking advantage of this long-standing class and why has a new member/grouping class pair been created?…

Read Full Article →

Almost four years ago now, President Bush signed into legislation the U.S. Public Accounting Reform and Investor Protection Act of 2002. More commonly known as the Sarbanes-Oxley Act, or SOX, the goal of this act is to regulate corporations in order to reduce fraud and conflicts of interest, to improve disclosure and financial reporting, and to strengthen confidence in public accounting…

Read Full Article →

Moving to Secured File Transfer

File Transfer Protocol (FTP) use in the enterprise has grown and continues to grow rapidly. The reason is simple: FTP is available everywhere in the enterprise, accessible to almost everyone, and solves data exchange problems with minimal effort and cost. That’s the good news. The bad news is that most FTP activity is unsecured and the exposure to any organization, especially those coping with various new regulatory requirements, is too great to ignore. Lately, we’ve seen several companies endure the embarrassment and tarnishing of their “brand name” caused by a public omission that they lost or exposed sensitive client information…

Read Full Article →

Reading the newspaper can be scary for mainframe data center managers. Headlines shout about the theft of millions of names from credit card company databases or the loss of tapes containing sensitive records of hundreds of thousands of government employees. The scariest part may be that these data losses and the myriad problems associated with them could have been avoided. All these organizations needed was widespread encryption of stored data…

Read Full Article →

Securing the Mainframe

For decades, organizations have relied on the mainframe to run critical business applications and most still do. With the emphasis today on cost reduction and efficiency, IT managers must ensure their existing infrastructures can meet evolving needs. Often, the answer is to add more functions—such as loss prevention, supply chain management, and financial reporting to the mainframe.
 …

Read Full Article →

Year two of Sarbanes-Oxley compliance will be harder for database professionals. Even though you may have participated in massive year one SOX 404 efforts, you got off easy in one respect. Auditors hadn’t established standards for evaluating specialized database and mainframe controls. Now that auditors have promised to scrutinize these areas, IT departments have a clear choice. You can develop your own approaches to key compliance areas and sell those approaches to compliance teams, or you can accept approaches dictated by auditors with little knowledge of mainframe systems. The first choice is the best, since it lets you weigh different methods of achieving compliance and choose the method with the smallest negative impact on operations, system efficiency, and staffing.  
To be proactive, what should you focus on? Here are eight compliance issues mainframe groups should consider addressing. The first four challenges are relatively straightforward, although complete solutions may be expensive. The last four are equally important, but may be much more politically challenging. …

Read Full Article →

The first round of Sarbanes-Oxley auditing is complete for the largest U.S. public companies. The news isn’t great. About 14 percent of companies failed their audits. Several haven’t been able to file their required annual reports and have been notified by the Securities and Exchange Commission (SEC) that they may be de-listed. Plus, word has come down that IT departments should prepare themselves for a much more stringent review next year…

Read Full Article →

It would be nice to make the mainframes at our shop look more modern, sexy, and competitive compared to the Windows and Unix-based servers we’ve deployed. However, there are few opportunities for a techie to impress upper management by showing off the mainframe’s strengths. An exception is performance monitoring and management. Management is always concerned with how the mainframe is performing and how much capacity is being consumed. So why not use the best performance monitoring and reporting tools available to “knock their socks off ”?…

Read Full Article →