Security - Compliance / Privacy

Written by John Ghrist
Monday, 15 April 2013 00:00
Despite a quality selection of auditing and compliance tools for IBM i, security problems in 2013 are largely "same old, same old."
Probably as much as two decades ago, when the IBM i was still the AS/400 and being touted as the most secure computing system in the world (mostly due to its magnificent isolation), there were still security problems experts could point to. Primarily these were 1) not enough accountability for changes to databases, 2) too many users holding too-powerful security profiles, and 3) unauthorized users gaining access to systems (e.g., due to weak passwords).
Last Updated on Monday, 15 April 2013 00:00

Written by Robin Tatam
Monday, 25 March 2013 00:00
Misconceptions are common regarding how users are granted command privileges.
Editor's note: This article introduces the white paper "Managing Privileged Users on IBM i," free for download at the MC White Paper Center.
For years, analysts have predicted the demise of the platform whose heart beats in the chest of many of the world's largest organizations. But frustrated industry experts reject the notion that IBM i is outdated, citing highly scalable 64-bit Power-PC technology, class-leading reliability, and integrated security. Much of the controversy involves the "green screen," so IBM and many third-party solution providers have sought to provide users with a modern GUI to their IBM i applications.
Last Updated on Friday, 22 March 2013 11:48

Written by SkyView Partners, Inc.
Monday, 25 February 2013 00:00
Carol Woodbury and her team refresh everyone's memory as to what PCI means to the IBM i.
Editor's Note: This article is an introduction to the webinar "The 12 Sections of PCI DSS and How Each Relates to the IBM i" available free from the MC Webinar Center.
While one may think that the Payment Card Industry (PCI) is a thing of the past and that it's already been implemented, that's not the case. Some retailers are just beginning to understand how PCI applies to them, and other organizations have started to accept credit cards when they didn't in the past. The need to understand compliance with the PCI standard, and exactly what it translates into as far as the IBM i is concerned, has left many shops wondering. You see, the PCI standard itself talks about "best practices" and uses very generic language in its descriptions, language that could apply to any computing platform.
Last Updated on Thursday, 21 February 2013 15:55

Written by Linoma Software
Monday, 10 September 2012 00:00
It's imperative that IT professionals become well-versed in all of the PCI DSS regulations.
Editor's Note: This article introduces the free white paper "PCI DSS Compliance with Managed File Transfer" available from the MC White Paper Center.
PCI DSS compliance requirements will continually evolve under the auspices of the PCI Security Standards Council throughout a newly defined 36-month lifecycle. This may mean that the security "tweaks" that IT implements today for PCI DSS 2.0 may be inadequate to handle the data security requirements of the next version of the standard.
Last Updated on Monday, 10 September 2012 09:03

Written by Linoma Software
Monday, 23 July 2012 00:00
While many organizations exchange files by uploading them to a server in the DMZ, staging files in the publicly accessible DMZ makes them vulnerable to a variety of dangerous exploits.
Editor's Note: This article is an introduction to the white paper "DMZ Gateways: Secret Weapons for Data Security" available free from the MC White Paper Center.
Exchanging files with customers and trading partners is commonplace in today's global economy, but keeping that data secure remains a difficult challenge, as does staying in compliance with the various regulations governing data security, including PCI DSS, HIPAA, SOX, GLBA, and more.
Last Updated on Thursday, 19 July 2012 14:28

Written by Robin Tatam
Monday, 09 July 2012 00:00
Navigating the PCI DSS requirements can be challenging, but this white paper can help.
Editor's Note: This article is an introduction to the white paper "PCI Compliance for Power Systems Running IBM i" available free from the MC White Paper Center.
According to the eye-opening "Chronology of Data Breaches" maintained by Privacy Rights Clearinghouse (privacyrights.org), a consumer advocate organization, unauthorized access to data is growing into an everyday occurrence. Many shocking breaches are the result of egregious errors made by the guardians of the data. Some do not involve a criminal perpetrator; many others involve nefarious access to information and data—typically for financial gain.
Last Updated on Monday, 09 July 2012 00:00

Written by Robin Tatam
Monday, 18 June 2012 00:00
Get started with PCI and learn why every company should be in compliance.
Few things strike fear into the hearts of consumers and businesses more than a breach of financial information. Why? Because it hits us where we're most sensitive: our pocketbooks! Long gone are the "good ol' days" when hackers were motivated by the challenge of breaking through security. While arguably no less troubling, a guarded admiration and respect was earned as a result of the intelligence and creativity exhibited by those early individuals. After all, these cyber-battles often pitted the little guy against "the Man." The more impenetrable the defenses, the greater the respect garnered by the individual who was able to break in.
Last Updated on Tuesday, 26 February 2013 14:25

Written by Carol Woodbury
Monday, 11 June 2012 00:00
An organization's data is a vital corporate asset. So how do you determine how much security is enough to adequately protect that data?
Editor's Note: This is an introduction to the white paper "Protecting Your Data: How Much Security Is Enough?" available for free from the MC White Paper Center.
The answer to how much security is enough depends on the type of data, its value to your organization, and your organization's policy requirements. If the data stored on your systems is governed by a law or regulation (such as HIPAA or PCI DSS), then those laws and regulations may dictate how much is enough—at least to be in compliance with those laws and regulations. However, your organization may decide that those requirements are not sufficient to adequately secure the data. In this case, you may add additional requirements for securing the data.
Last Updated on Friday, 08 June 2012 16:19