MC Press Online

Monday, Mar 27th

Last update: Fri, 17 Mar 2017 12pm

Security / Compliance/Privacy

Why IBM i Organizations Should Pay Attention to What Happens in New York

Carol discusses how the cybersecurity law in New York will affect organizations running IBM i and how it provides guidance for organizations—even those outside of New York.

Written by Carol Woodbury

The State of New York passed a cybersecurity law that went into effect March 1, 2017. It’s one law in one state. So why should organizations outside of the control of the New York State Department of Finance be concerned about this law? Because it’s yet another indication that governments are getting serious about security.

Compliance Is Dead, Long Live Compliance!

Carol discusses how compliance requirements are not going away and, in fact, are increasing for some organizations.

Written by Carol Woodbury

Why am I talking about compliance? Compliance—in my opinion—is a tired term that was horribly over-used a few years ago. Every issue that security officers wanted to be resolved was somehow categorized as a “compliance requirement,” and every ad from all vendors—security-related or not—proclaimed the virtues of how their product solved your compliance woes.

TechTip: IBM i Audit Readiness—User Profile Cleanup

Having proper policies and procedures in place is the key to maintaining user profiles.

Written by Barbara Sims

An audit of your IBM i security can be stressful—people coming in and looking at your policies and procedures for how you maintain the security on your system. This doesn’t need to be a time of anxiety. I actually love being audited. Or as I call it “Audit Season.” Not only am I able to show off how well my system is being secured, but I try to impart a little knowledge to the auditor on how IBM i security works its magic. Since I’m probably in the minority for liking audits, let’s discuss one thing that can be done to make your audit a little easier.

Partner TechTip: More Compliance, Better Security, Less Work!

Empower IBM i to conduct its own compliance verification and enforcement.

Written by Robin Tatam

IT professionals often complain about the burden of managing security and maintaining compliance. As an added challenge, IBM i staff typically lack formal (or even informal) training in these disciplines. Risk is elevated when organizations ignore the reality that most Power servers operate without adequate security controls.

Data Masking and Assuring Security During Software Testing

Your production data could be more exposed than you think during software testing.

Written by Green Light Technology

Editor's note: This article introduces the white paper "A Road Map to Successful Data Masking," which is available free from the MC White Paper Center.

Data masking during software testing (or otherwise) is not the simple process that the uninitiated might suppose. Gone are the days when replacing personally identifiable information with random characters makes the grade. Obfuscating data for use in development, testing, and QA environments means you need to be able to quickly provide teams with secure sets of consistent, meaningful data that can be used again and again. But this can be difficult to achieve, particularly in geographically dispersed organizations, and especially if you don't adopt a systematic, centralized approach to de-identifying sensitive data.

PCI and the IBM i: If You're Not Paying Attention, You Should Be

Does your company accept credit-card payments? If so, you're responsible for Payment Card Industry (PCI) mandates.

Written by Ira Chandler

Just because you run the world's most secure and reliable computing platform (the IBM i, System i, iSeries, AS/400), you're not exempt from the requirements of the international security council that dictates merchant security. Although the many best practices we employ on the IBM midrange platform generally keep the system out of the news, you still must be compliant with the industry standards.

We will refrain from listing the recent data breaches, knowing that you're aware of the risk you take when you store cardholder data. So, in this short article, we will address the following questions:

Start Thinking About Security in New Ways

Are you heads down, focused on the tasks in front of you? If so, you may be missing something. In this article, Carol discusses the need to stop, take time, and see if you need to think about things differently.

Written by Carol Woodbury

At this time of year, I try to get away for a few days to relax and stop thinking about work. I've found that when I'm constantly heads down on work, I don't pick up on things around me that have changed. I tend to always do things the same way, but when I get away I may realize there's an easier or better way to do something. If I don't take a break, I'm unlikely to realize what I'm missing—as in new topics that I should be paying attention to or researching or new business opportunities that are right in front of my face but I couldn't "see" because I was too busy with other things. In this article, I'll encourage you to step back from your normal routine and see what you might be missing.

Are You Meeting the PCI DSS Security Standards?

Don’t take the requirements lightly; the cost of non-compliance could be very steep.

Written by Ira Chandler

Acceptance of debit and credit cards is a growing requirement for businesses of all sizes. Since 2005, the Payment Card Industry Security Standards Council (PCI) has imposed strict mandates, the Data Security Standards (DSS), to ensure the security of the computer systems that process, transmit, and/or store sensitive credit card data.
