Ibm I And I5 Os Security And Compliance

IBM i and I5/OS Security and Compliance

Author : Carol Woodbury

Publisher :

Page : 0 pages

File Size : 30,92 MB

Release : 2009-04

Category :

ISBN : 9781583041246

Get eBook

Book Description

IBM i and i5/OS Security and Compliance: A Practical Guide takes a fresh look at the world of IBM i and i5/OS security. This book takes years of the author¿s experience designing and implementing i5/OS security and makes it relevant for today¿s world. Issues that need to be addressed for compliance requirements are discussed throughout the book, providing best practices as well as alternatives and options for compensating controls when best practices cannot be applied.Building on the foundation laid by the popular Experts¿ Guide to OS/400 and i5/OS Security, this edition features completely updated information throughout. New chapters specifically address compliance requirements for IBM i, Implementing an Incident Response Plan, Implementing Role-based Access (RBAC), and Implementing Object-Level Security. Carol Woodbury¿s methodology for implementing object-level security is described in detail. Topics include determining a system¿s current settings, default access requirements, process access, and the rollout of new application security models. This information is presented in a way that lets even non-security professionals understand and apply the concepts.This book is a must-read for any auditor, system administrator, security officer, or compliance officer who works with the IBM i or i5/OS.



IBM i Security Administration and Compliance

Author : Carol Woodbury

Publisher : MC Press

Page : 0 pages

File Size : 18,8 MB

Release : 2012-05

Category : Computers

ISBN : 9781583473733

Get eBook

Book Description

Explaining the importance of developing a security policy and detailing how to implement and maintain such a system, this guide reviews IBM i security and the way it functions within IBM i systems. Written in a clear, jargon-free style, this book covers topics such as system security levels, user profiles, service tools, encryption, auditing, compliance, and incident response. The author's methodology for implementing security is described in great detail, focusing on compliance with stated policies and procedures within an organization. Useful for security and system administrators, security officers, compliance officers, and auditors, the resources available in this book help protect systems from unauthorized activities and unplanned events.



IT Security Compliance Management Design Guide with IBM Tivoli Security Information and Event Manager

Author : Axel Buecker

Publisher : IBM Redbooks

Page : 464 pages

File Size : 36,20 MB

Release : 2010-07-16

Category : Computers

ISBN : 0738434469

Get eBook

Book Description

To comply with government and industry regulations, such as Sarbanes-Oxley, Gramm Leach Bliley (GLBA), and COBIT (which can be considered a best-practices framework), organizations must constantly detect, validate, and report unauthorized changes and out-of-compliance actions within the Information Technology (IT) infrastructure. Using the IBM® Tivoli Security Information and Event Manager solution organizations can improve the security of their information systems by capturing comprehensive log data, correlating this data through sophisticated log interpretation and normalization, and communicating results through a dashboard and full set of audit and compliance reporting. In this IBM Redbooks® publication, we discuss the business context of security audit and compliance software for organizations and describe the logical and physical components of IBM Tivoli Security Information and Event Manager. We also present a typical deployment within a business scenario. This book is a valuable resource for security officers, administrators, and architects who want to understand and implement a centralized security audit and compliance solution.



IBM System i Security: Protecting i5/OS Data with Encryption

Author : Yessong Johng

Publisher : IBM Redbooks

Page : 308 pages

File Size : 34,55 MB

Release : 2008-07-24

Category : Computers

ISBN : 0738485373

Get eBook

Book Description

Regulatory and industry-specific requirements, such as SOX, Visa PCI, HIPAA, and so on, require that sensitive data must be stored securely and protected against unauthorized access or modifications. Several of the requirements state that data must be encrypted. IBM® i5/OS® offers several options that allow customers to encrypt data in the database tables. However, encryption is not a trivial task. Careful planning is essential for successful implementation of data encryption project. In the worst case, you would not be able to retrieve clear text information from encrypted data. This IBM Redbooks® publication is designed to help planners, implementers, and programmers by providing three key pieces of information: Part 1, "Introduction to data encryption" on page 1, introduces key concepts, terminology, algorithms, and key management. Understanding these is important to follow the rest of the book. If you are already familiar with the general concepts of cryptography and the data encryption aspect of it, you may skip this part. Part 2, "Planning for data encryption" on page 37, provides critical information for planning a data encryption project on i5/OS. Part 3, "Implementation of data encryption" on page 113, provides various implementation scenarios with a step-by-step guide.



Simplify Management of IT Security and Compliance with IBM PowerSC in Cloud and Virtualized Environments

Author : Dino Quintero

Publisher : IBM Redbooks

Page : 342 pages

File Size : 37,30 MB

Release : 2019-09-07

Category : Computers

ISBN : 0738457973

Get eBook

Book Description

This IBM® Redbooks® publication provides a security and compliance solution that is optimized for virtualized environments on IBM Power SystemsTM servers, running IBM PowerVM® and IBM AIX®. Security control and compliance are some of the key components that are needed to defend the virtualized data center and cloud infrastructure against ever evolving new threats. The IBM business-driven approach to enterprise security that is used with solutions, such as IBM PowerSCTM, makes IBM the premier security vendor in the market today. The book explores, tests, and documents scenarios using IBM PowerSC that leverage IBM Power Systems servers architecture and software solutions from IBM to help defend the virtualized data center and cloud infrastructure against ever evolving new threats. This publication helps IT and Security managers, architects, and consultants to strengthen their security and compliance posture in a virtualized environment running IBM PowerVM.



IBM z/OS Mainframe Security and Audit Management Using the IBM Security zSecure Suite

Author : Axel Buecker

Publisher : IBM Redbooks

Page : 494 pages

File Size : 22,56 MB

Release : 2011-08-18

Category : Computers

ISBN : 0738435880

Get eBook

Book Description

Every organization has a core set of mission-critical data that must be protected. Security lapses and failures are not simply disruptions—they can be catastrophic events, and the consequences can be felt across the entire organization. As a result, security administrators face serious challenges in protecting the company's sensitive data. IT staff are challenged to provide detailed audit and controls documentation at a time when they are already facing increasing demands on their time, due to events such as mergers, reorganizations, and other changes. Many organizations do not have enough experienced mainframe security administrators to meet these objectives, and expanding employee skillsets with low-level mainframe security technologies can be time-consuming. The IBM® Security zSecure suite consists of multiple components designed to help you administer your mainframe security server, monitor for threats, audit usage and configurations, and enforce policy compliance. Administration, provisioning, and management components can significantly reduce administration, contributing to improved productivity, faster response time, and reduced training time needed for new administrators. This IBM Redbooks® publication is a valuable resource for security officers, administrators, and architects who wish to better understand their mainframe security solutions.



Security Guide for IBM i V6.1

Author : Jim Cook

Publisher : IBM Redbooks

Page : 426 pages

File Size : 24,28 MB

Release : 2009-05-29

Category : Computers

ISBN : 0738432865

Get eBook

Book Description

The IBM® i operation system (formerly IBM i5/OS®) is considered one of the most secure systems in the industry. From the beginning, security was designed as an integral part of the system. The System i® platform provides a rich set of security features and services that pertain to the goals of authentication, authorization, integrity, confidentiality, and auditing. However, if an IBM Client does not know that a service, such as a virtual private network (VPN) or hardware cryptographic support, exists on the system, it will not use it. In addition, there are more and more security auditors and consultants who are in charge of implementing corporate security policies in an organization. In many cases, they are not familiar with the IBM i operating system, but must understand the security services that are available. This IBM Redbooks® publication guides you through the broad range of native security features that are available within IBM i Version and release level 6.1. This book is intended for security auditors and consultants, IBM System Specialists, Business Partners, and clients to help you answer first-level questions concerning the security features that are available under IBM. The focus in this publication is the integration of IBM 6.1 enhancements into the range of security facilities available within IBM i up through Version release level 6.1. IBM i 6.1 security enhancements include: - Extended IBM i password rules and closer affinity between normal user IBM i operating system user profiles and IBM service tools user profiles - Encrypted disk data within a user Auxiliary Storage Pool (ASP) - Tape data save and restore encryption under control of the Backup Recovery and Media Services for i5/OS (BRMS) product, 5761-BR1 - Networking security enhancements including additional control of Secure Sockets Layer (SSL) encryption rules and greatly expanded IP intrusion detection protection and actions. DB2® for i5/OS built-in column encryption expanded to include support of the Advanced Encryption Standard (AES) encryption algorithm to the already available Rivest Cipher 2 (RC2) and Triple DES (Data Encryption Standard) (TDES) encryption algorithms. The IBM i V5R4 level IBM Redbooks publication IBM System i Security Guide for IBM i5/OS Version 5 Release 4, SG24-6668, remains available.



Security in Development: The IBM Secure Engineering Framework

Author : Warren Grunbok

Publisher : IBM Redbooks

Page : 32 pages

File Size : 18,22 MB

Release : 2018-12-17

Category : Computers

ISBN : 0738457175

Get eBook

Book Description

IBM® has long been recognized as a leading provider of hardware, software, and services that are of the highest quality, reliability, function, and integrity. IBM products and services are used around the world by people and organizations with mission-critical demands for high performance, high stress tolerance, high availability, and high security. As a testament to this long-standing attention at IBM, demonstration of this attention to security can be traced back to the Integrity Statement for IBM mainframe software, which was originally published in 1973: IBM's long-term commitment to System Integrity is unique in the industry, and forms the basis of MVS (now IBM z/OS) industry leadership in system security. IBM MVS (now IBM z/OS) is designed to help you protect your system, data, transactions, and applications from accidental or malicious modification. This is one of the many reasons IBM 360 (now IBM Z) remains the industry's premier data server for mission-critical workloads. This commitment continues to apply to IBM's mainframe systems and is reiterated at the Server RACF General User's Guide web page. The IT market transformed in 40-plus years, and so have product development and information security practices. The IBM commitment to continuously improving product security remains a constant differentiator for the company. In this IBM RedguideTM publication, we describe secure engineering practices for software products. We offer a description of an end-to-end approach to product development and delivery, with security considered. IBM is producing this IBM Redguide publication in the hope that interested parties (clients, other IT companies, academics, and others) can find these practices to be a useful example of the type of security practices that are increasingly a must-have for developing products and applications that run in the world's digital infrastructure. We also hope this publication can enrich our continued collaboration with others in the industry, standards bodies, government, and elsewhere, as we seek to learn and continuously refine our approach.