ACH can give any organization the ability to manage all transfers of funds electronically.
In this article, Carol Woodbury discusses the issues surrounding compliance as well as items to address to remain in compliance.
By Carol Woodbury
I wish I had a magic formula for ensuring that your organization's security configuration was in compliance. Unfortunately, it's just not that easy. It seems that there's at least a slight twist to every organization's compliance implementation. This article endeavors to provide guidelines for you to use to determine how best to attain and remain in compliance.
Do your developers and administrators need access to production systems?
By Tom Huntington
How much authority do your developers and administrators need on your production systems? Does each programmer need *ALLOBJ authority? Have you ever failed a security audit because of too many user profiles with too much special authority? When end users call your Help Desk for help with authority problems, does the Help Desk ask for the end user's password and then sign on to test the authority issue?
By Chris Smith
Worried about viruses, worms, hackers, spam, and unwanted Web content? IBM released a new security appliance this week that promises to simplify and fortify small business networks.
The proper management of security starts way before and goes way beyond technical decisions. Technical decisions are extremely important for proper information security management, but they are neither the starting point nor the most important decisions related to effective information security management.
Yet most organizations treat information security as a purely technical issue. This, in my opinion, is why we keep seeing major incidents at large and familiar organizations (e.g., TJX). Not until high-level management understands that security is primarily a business issue and begins to assert its proper role in the security process will the state of affairs in information security begin to change. Only when this happens will it be possible to ensure the appropriate execution of the other roles. The objective of this article is to support this assertion and to describe the security business process needed to make meaningful improvements in the management of information security in the entire industry.
Santa, SkyView Partners, and i5/OS all have gifts for you!
At this time of year, children of all ages are snooping for those treasures that have been hidden and will eventually appear as beautifully wrapped presents. But until then, the hunt is on! So I thought it might be fun to "unveil" a few of the hidden treasures of i5/OS security.
One of the latest i5/OS gifts that I discovered is the ability to see who is connected to the NetServer server and which file share they used to make the connection. I've found this very helpful in determining the feasibility of removing file shares, especially those to root. Simply open iSeries Navigator -> Network -> Servers and click on TCP/IP. When the list of servers appears on the right, right-click on iSeries NetServer and choose Open.
With frequent reports of lost backup tapes, stolen laptops, and database breaches, it's time to look at the new laws and regulations that protect the privacy of data.
We're hearing about all of the breaches and loss of data because of a law, first passed in California and then enacted by most other states, that requires organizations to notify individuals when their private data (e.g., social security number, bank account number, credit card number, or driver's license number) has been lost, breached, or thought to have been breached. As of this writing, 38 states have passed some version of a breach notification law. Most states provide some form of exemption from notification if the lost or stolen data was encrypted. This has driven many organizations to consider encrypting their backup media.
Make your i5/OS audits as smooth as possible.
Some industries, such as finance, seem to have audits every other month—others, only once a year. Regardless of the frequency of your audits, they take up your time and energy. SkyView Partners' products and services reduce the cost of audits and eliminate the complexity of complying with the requirements of various laws and regulations. Auditors may not have actual knowledge of i5/OS security, but they typically have a "playbook" of audit points to look for in your i5/OS security configuration. Let's look at the most common ones.