Protecting sensitive personal data is mandated by a host of laws and standards. But what's the best method? There's the rub.

Written by John Ghrist

Of Social Security numbers (SSNs), credit card numbers, health records, and financial information, which is the most sensitive data? The good news is that there's no wrong answer. They're all "the most sensitive," depending on context and your line of business. The bad news is that protecting any of these types of information is both required and potentially expensive whether you succeed or fail to keep them secret—the latter of course being far worse.

Here are some recommendations for managing users on IBM Power Systems when time is of the essence.

Written by Martin Norman

Editor's Note: This article is an extract of the white paper "Five Shortcuts to Sensible Operational Security" available free from the MC White Paper Center.

The last 10 years have seen drastic changes in the importance and relevance of security and audit issues. I am sure we all recall at least one incident in which a software or hardware product had been rebadged or maybe just remarketed for whatever that year's hot security subject was. Many vendors were claiming to provide the only path to total compliance with the security standards of the day, and if you did not buy their products, you would find yourself in jail.

This technology isn't "bleeding edge" anymore. Now, it's solving real business problems.

Written by Pat Botz

It may surprise you to learn that IBM i shops are beginning to exploit biometric authentication. But it's true. Even though many people still believe that biometric authentication is "bleeding edge" technology, your compatriots in the IBM i world are successfully implementing it.

It may take a bit of investigation to determine exactly what authorities programmers require, but they rarely need all-encompassing special authorities.

Written by Carol Woodbury

Editor's Note: This article is an extract of the white paper "What Authorities Do Programmers Really Need?" available free from the  MC White Paper Center.

Laws and regulations require that users be given only enough authority to do the tasks associated with their jobs. In addition, auditors require IT departments to reduce the number of "powerful" users on the system. As a result, the programming staff comes under scrutiny. Why? Because they have often been given lots of power in the past. In i5/OS terms, that means programmers have been given the *ALLOBJ special authority. The question I am often asked is, "What authorities do programmers need to do their jobs?" Unfortunately, the answer is, "That depends." This article looks at how you can determine the answer to this question for your environment and also explains what authorities programmers do not need.

Combining encryption and tokenization is often the best data protection strategy for IBM i-centric organizations that want to reduce risk substantially and lower compliance costs.

Written by Gary Palgon

A few years ago, data security was largely a matter of providing firewall protection for the network and sending sensitive data from Point A to Point B through a secure connection. Today, with the plethora of data security industry mandates, data privacy laws, high-profile data breaches, and ever-savvy cybercriminals changing their attack strategies, organizations have much more at stake. Reducing the risk of a data breach is paramount for meeting compliance regulations, maintaining customer loyalty, and protecting the brand.

If your emphasis has been on acquiring the skills to put your company on the Web, you may want to ask if you have the necessary knowledge of system and network security to protect your firm once it gets there.

Written by Chris Smith

With the growing emphasis on connecting IBM i systems to the Internet, one has to ask if the current focus on developers' tools to get there isn't tantamount to educating a 10-year-old on alternative trails for skateboarding over to the interstate highway. If you don't know how to secure the system once you're online, is it really wise to keep accelerating up the onramp?

The amount of information available in the audit journal is impressive, but the AJ also is one of the system's best-kept secrets.

Written by Carol Woodbury

The following is taken from the white paper "Ways to Use the IBM i Audit Journal," available for download free from the MC White Paper Center.

One of my favorite integrated features of IBM i (iSeries) is auditing. The system can be configured to audit security-relevant actions of every profile on the system or just a handful. Or it can be configured to audit the use of objects.

The amount of information available in the audit journal is really quite amazing. Unfortunately, it's one of the system's best-kept secrets!

The recently released utility from Halcyon gives system administrators the ability to grant temporary authorities to users and then monitor their activities during a limited period.

Written by Chris Smith

A friend of mine had her identity stolen and suddenly started receiving thousands of dollars in random credit card charges before she knew what hit her. It turned out that a disgruntled employee working at the financial institution holding her mortgage had downloaded and sold her personal information—along with that of thousands of other customers—to an international crime ring. Could this happen at your company, and should you be so unlucky, how long would it take you to realize there was a security breach?