MC Press Online

Thursday, May 25th

Last updateMon, 22 May 2017 4pm

You are here: Home ARTICLES Security

Security

Forewarned Is Forearmed

Steve Pitcher

Stop viewing IBM i as an impenetrable fortress. It’s not.

Written by Steve Pitcher

In one week, I’ll be speaking at the 2017 COMMON Annual Meeting and Expo, where I’ll be presenting a session called "IBM i and our False Sense of Security." I’ve done this session a couple of times now, and what I really try to go for is to strike sheer terror into the hearts and minds of audience members.

That’s right. Sheer terror in the form of a reality check that their systems are likely not as secure as they believe.

Read more ...

The Importance of Staying Current

Carol Woodbury

Carol discusses why and how staying up to date reduces your company’s security risk.

Written by Carol Woodbury

You might wonder why I decided to discuss this particular issue. I chose this topic because, as I read about how breaches occur—that is, how hackers are able to penetrate organizations—in many instances, it’s due to organizations not staying current.

Equipment remains with default credentials or is running an old operating system or is left unpatched—even when there are known vulnerabilities. Hackers will “drive by” or may go explicitly looking to exploit servers with known vulnerabilities.

Read more ...

The Need for an IT Security Strategy

Steve Pitcher

Security isn’t the end game. It needs to be the journey.

Written by Steve Pitcher

It’s easy to get caught in the flow of the next big thing. Mobility, security, analytics, big data, Internet of Things, cloud, and Everything as a Service seem to dominate the technology landscape in terms of where we as IT professionals should be spending our time.

Read more ...

Why IBM i Organizations Should Pay Attention to What Happens in New York

Carol Woodbury

Carol discusses how the cybersecurity law in New York will affect organizations running IBM i and how it provides guidance for organizations—even those outside of New York.

Written by Carol Woodbury

The State of New York passed a cybersecurity law that went into effect March 1, 2017. It’s one law in one state. So why should organizations outside of the control of the New York State Department of Finance be concerned about this law? Because it’s yet another indication that governments are getting serious about security.

Read more ...

New from MC Press: Identity Management: A Business Perspective

Technology advances like cloud, mobile, and Internet of Things have made identity and access management more important than ever, and also more complex. How can business leaders get a handle on their evolving identity needs?

by Anne Grubb

By making identity management a core part of business strategy, says Graham Williamson in his latest book, Identity Management: A Business Perspective. Williamson, a consultant whose expertise includes identity and access management (IAM), has written the book to help senior-level technology managers understand IAM, so they can mitigate risks and implement robust, secure identity strategies in their organizations.

Read more ...

Insiders Are a Threat to IBM i? No Way! Yes Way!

Carol Woodbury

Carol discusses how the current thoughts on insider threats needs to be redefined and how insider threats can leave IBM i vulnerable.

Written by Carol Woodbury

I read an interesting article that discussed a study done by the Ponemon Institute on the “Cost of Insider Threats.” It piqued my interest because most of the people I talk to in the IBM I world don’t believe there’s any threat by people from inside their organization. The two reasons I hear most are “I trust our employees” and “Our employees would have no clue how to get access to the system through something like ODBC. They can barely sign on to their green-screen menu.” I decided to read the actual study to determine if there was applicability to the IBM i world.

The Study defined three types of insider threats:

Read more ...

Compliance Is Dead, Long Live Compliance!

Carol Woodbury

Carol discusses how compliance requirements are not going away and, in fact, are increasing for some organizations.

Written by Carol Woodbury

Why am I talking about compliance? Compliance—in my opinion—is a tired term that was horribly over-used a few years ago. Every issue that security officers wanted to be resolved was somehow categorized as a “compliance requirement,” and every ad from all vendors—security-related or not—proclaimed the virtues of how their product solved your compliance woes.

Read more ...

Carol’s IBM i Security Wish List

Carol describes 10 things that she wishes were different when it comes to IBM i security.

carol woodburyWritten by Carol Woodbury

It’s the time of year when all children are making their Christmas wish list, hoping Santa will deliver on Christmas morning. While I’m a few years beyond believing in Santa Claus (!), I’ve created my list, just in case.

 

Wish #1: V7R3

I wish all IBM i customers would upgrade to V7R3. The Authority Collection feature added in V7R3 alone justifies the upgrade. This feature helps administrators to stop over-authorizing and enables them to remove *ALLOBJ from profiles that don’t really need it. If you are considering upgrading to V7R2, skip that thought and move right to V7R3!

Read more ...