MC Press Online

Last update: Thu, 30 Mar 2017 1pm

Security

Why IBM i Organizations Should Pay Attention to What Happens in New York

Carol discusses how the cybersecurity law in New York will affect organizations running IBM i and how it provides guidance for organizations—even those outside of New York.

Written by Carol Woodbury

The State of New York passed a cybersecurity law that went into effect March 1, 2017. It’s one law in one state. So why should organizations outside of the control of the New York State Department of Finance be concerned about this law? Because it’s yet another indication that governments are getting serious about security.

New from MC Press: Identity Management: A Business Perspective

Technology advances like cloud, mobile, and Internet of Things have made identity and access management more important than ever, and also more complex. How can business leaders get a handle on their evolving identity needs?

by Anne Grubb

By making identity management a core part of business strategy, says Graham Williamson in his latest book, Identity Management: A Business Perspective. Williamson, a consultant whose expertise includes identity and access management (IAM), has written the book to help senior-level technology managers understand IAM, so they can mitigate risks and implement robust, secure identity strategies in their organizations.

Insiders Are a Threat to IBM i? No Way! Yes Way!

Carol discusses how the current thoughts on insider threats need to be redefined and how insider threats can leave IBM i vulnerable.

Written by Carol Woodbury

I read an interesting article that discussed a study done by the Ponemon Institute on the “Cost of Insider Threats.” It piqued my interest because most of the people I talk to in the IBM i world don’t believe there’s any threat by people from inside their organization. The two reasons I hear most are “I trust our employees” and “Our employees would have no clue how to get access to the system through something like ODBC. They can barely sign on to their green-screen menu.” I decided to read the actual study to determine if there was applicability to the IBM i world.

The Study defined three types of insider threats:

Compliance Is Dead, Long Live Compliance!

Carol discusses how compliance requirements are not going away and, in fact, are increasing for some organizations.

Written by Carol Woodbury

Why am I talking about compliance? Compliance—in my opinion—is a tired term that was horribly over-used a few years ago. Every issue that security officers wanted to be resolved was somehow categorized as a “compliance requirement,” and every ad from all vendors—security-related or not—proclaimed the virtues of how their product solved your compliance woes.

Carol’s IBM i Security Wish List

Carol describes 10 things that she wishes were different when it comes to IBM i security.

Written by Carol Woodbury

It’s the time of year when all children are making their Christmas wish list, hoping Santa will deliver on Christmas morning. While I’m a few years beyond believing in Santa Claus (!), I’ve created my list, just in case.

Wish #1: V7R3

I wish all IBM i customers would upgrade to V7R3. The Authority Collection feature added in V7R3 alone justifies the upgrade. This feature helps administrators to stop over-authorizing and enables them to remove *ALLOBJ from profiles that don’t really need it. If you are considering upgrading to V7R2, skip that thought and move right to V7R3!

IBM i Security Without Breaking the Bank

Stop neglecting IBM i security. Consider a risk assessment and two control layers to enjoy substantially less risk of data loss without sending your organization into the red.

Written by Robin Tatam

The time is now!


While some companies take a proactive stance on becoming more secure, many more act as a result of regulation. Governments and industry bodies have enacted numerous enforceable mandates, typically as a result of a scandal or high-profile breach. The growing list of these mandates includes PCI-DSS for credit card data, MAS-TRM for financial organizations in Singapore, BASEL for the banking industry, SOX for publicly traded companies, and HIPAA for those in the U.S. healthcare industry. Operators in the European Union face a dramatic increase in fines that may be levied for data breaches since the General Data Protection Regulation (GDPR) was adopted in April 2016. This replacement for the previous “directive” will become law in May 2018, and the financial impact on companies within this territory could be quite dramatic.

The Lesser of Two Evils: Choosing the Better IBM i Security Configuration

Carol describes scenarios where the configuration options aren’t optimal, but a choice must be made.

Written by Carol Woodbury

By the time you read this, the election in the United States will be over. Many in the States view this election as having to choose between the lesser of two evils. While I’m not going to discuss the way I voted, I thought I might discuss some similar situations where I’ve been presented with two IBM i configurations to choose from, and neither is optimal.

Tightening IBM i Security with Little Fear of Breakage

Carol describes five IBM i security settings that eliminate exposures and can be changed with very little risk of breaking anything.

Written by Carol Woodbury

I know that many of you feel handcuffed. You want to make changes to improve your IBM i security posture, but your organization is so risk averse that it’s almost impossible to make changes that have the possibility of breaking a production process. While I can’t guarantee that these changes will not cause an issue, it’s unlikely that they will.
