Your IBM i didn't come to you secure. But you certainly can—and should—make it secure.
Written by Robin Tatam
One of the presentations I make to the IBM i community is coyly entitled "7 Habits of Highly Secure Organizations." Although the title is just a play on the name of the famous series of books by motivational speaker Stephen R. Covey, its message is intended to identify several important habits that companies need to consider as part of an overall strategy for becoming first secure and then compliant. I am not suggesting that there are a finite number of habits needed to become secure or compliant, but there are some baseline practices that all companies should adhere to.
The answer to how much security is enough depends on the type of data, its value to your organization, and your organization's policy requirements. If the data stored on your systems is governed by a law or regulation (such as HIPAA or PCI DSS), then those laws and regulations may dictate how much is enough—at least to be in compliance with those laws and regulations. However, your organization may decide that those requirements are not sufficient to adequately secure the data. In this case, you may add additional requirements for securing the data.