Book Review: IBM i Security: Administration and Compliance


If you have any interest in IBM i security, whether as an administrator, a programmer, or an auditor, then this book is the perfect resource.

 

In this era of legislative and regulatory mandates, computer security has quickly become one of the most popular—and critical—initiatives for organizations of every size and in every business sector. Even those that are not forced to comply with an official directive should consider enhancing their security to ensure protection of their business data assets.

 

The IBM i operating system contains integrated security functions. These functions work in conjunction with the Power hardware to provide world-class integrity features and object-level controls. Unfortunately, these functions often remain at their IBM-shipped values, which—contrary to popular belief—means that users have access to system operations and permission to read, change, and update application data.

 

I work in the IBM i security industry. I'm a security subject-matter-expert for COMMON, and I conduct IBM i security assessments. I'm also responsible for publishing my employer's annual "State of IBM i Security" study. These activities provide me with insight into the security challenges of organizations operating on IBM Power Systems servers running IBM i.

 

In my opinion, one of the biggest inhibitors to the widespread deployment of these controls is that there's an assumption that the operating system is naturally secure and that nothing remains to be configured. While IBM i might be one of the most securable server operating systems, it certainly doesn't come configured that way. In addition, there's a marked lack of knowledge of this topic in both the technical and audit communities.
 

System values need to be reviewed and established. Audit controls need to be understood and configured. Unfortunately, overly powerful users, who should be aligned using Role-Based Access Control (RBAC), often undermine controls that may have been implemented. Without a good foundation of knowledge, different controls can conflict and undermine the benefit that should be gained from their deployment.

 

As the AS/400 Chief Security Architect for more than 10 years, Carol Woodbury packs more security expertise in her petite stature than most people twice her size! IBM i Security: Administration and Compliance is the fourth book that Carol has authored on the subject, and I own all of them. For me, the most standout feature of all four editions has been the clarity with which the subject matter is explained. Unlike most documentation, this book is actually readable, and I recommend it to any client who is looking for educational material.

 

The book is divided into 20 chapters that span 350 pages. Written content includes discussion of critical technical topics, as well as planning and deployment techniques. Comprehensive—but easily understood—explanations are given for object-level controls, Integrated File System, auditing, system values, and user profiles. There's even a chapter on the creation of an incident response plan—a task that's often overlooked until it's too late. I continue to use this book as a reference source, and I love how I still discover tidbits of information.

 

It's my professional opinion that this book is the work of a consummate expert in this field. If you have any interest in IBM i security, whether as an administrator, a programmer, or an auditor, then this book is the perfect resource.

 

 

Robin Tatam

Robin Tatam is the Director of Security Technologies for PowerTech, a leading provider of security solutions for the System i. As a frequent speaker on security topics, he was also co-author of the Redbook IBM System i Security: Protecting i5/OS Data with Encryption. Robin can be reached at 952.563.2768.
