Security is no longer something you can put off until tomorrow.
Carol Woodbury, president and co-founder of SkyView Partners, Inc., takes her years of experience and knowledge as the IBM i security expert and explains the processes that should be established and checks that should be made by every IBM i security administrator.
Carol has earned the title of IBM i security expert by working in the area of security since 1990, including 10 years working for IBM's Enterprise Server Group as the AS/400 Security Architect and Chief Engineering Manager of Security Technology in Rochester, Minnesota. Carol is an award-winning speaker and writer in the area of security. Carol's fourth book, IBM i Security Administration and Compliance, is a top-selling reference for many IBM i organizations as they determine how best to administer and implement security on their servers. Carol is Certified in Risk and Information Systems Control (CRISC.)
Systems administration is something that no system can do without. Processes and procedures for administering the system—from system saves and nightly backups, to performance tuning, to responding to alerts and messages, to upgrades—are well-defined and important aspects of system administration. Unfortunately, this well-defined set of tasks doesn't exist for security administration. Security administration is one of those bullet items on your system administration to-do list. And security usually floats to that part of the list that gets pushed out to the next day's list unless an auditor is about to arrive or an incident occurs.
As we talked with people about this book project, it became obvious that one of the biggest reasons security administration is delayed is because it's not clear what needs to be accomplished, nor is it obvious where to start. Our goal with this handbook is to define the tasks for the role of security administrator and—as with systems administration—show that with automation and good discipline, these tasks can be handled on a daily basis and blend easily into the routine tasks of system administration. Sure, system administrators might know some basics, but in reality it's the details that count. The old adage that the "devil is in the details" applies here. Through the practical experience of helping hundreds of SkyView clients implement and automate security administration, Carol has built the list of tasks that security administrators should perform. This new book from Carol Woodbury is intended as a reference for that overworked systems administrator, offering advice on a number of topics. This book succinctly explains the "what and how" of security administration.
When you start a project, it's helpful if the people on the "front lines" of IBM i security get a chance to offer input. To make sure that we address real-world experience and offer sound advice in this book, we asked a couple of people to read the book and give us their impressions. Herb Hill, Senior Manager of Information Security Services at a major Canadian financial institution said, "This guide is full of practical and logical advice that is current and relevant for the IBM i. It is a valuable reference component for logical access security deployment." Brian Hole, a CISSP with Les Schwab Tire, said, "This guide armed me with the information I needed to be assertive with vendors and keep our systems more secure. It provided sound security theory and IBM i 'practical application' all wrapped up in one place."
With the headlines talking about ATM heists and information leaks, and with things like PCI 3.0 on the horizon, security is no longer something you can put off until tomorrow. It's something you need to pay attention to daily. Specifically written for the security administrator, this book will help set the bar for how security should be configured and will become a "go to" reference for those who need to maintain security in the IBM i community.