SkyView Partners - i5/OS Security Experts
IBM i Security Tips
by Carol Woodbury
September 2009
Carol Woodbury
Setting Authority is Not a One-time Event
by Carol Woodbury 
 
More organizations are seeing the business requirement to secure some of their more critical data. Whether it's general human resources information, payroll information, their vendor list in their accounts receivable files or credit card information, organizations are making the effort to set database access controls to more appropriate settings - either "deny by default" - that is, *PUBLIC *EXCLUDE or "read only" - that is, *PUBLIC *USE. Unfortunately, once the effort has been made to set the access controls, it's my experience that these authority settings are never re-visited. In other words, organizations make this a one-time "security project" and never examine the settings again. Unless these settings are examined on a regular basis, there's no assurance that the settings remain set to (or are in compliance with) your organization's security policy requirements. This leads to a rise in "organizational risk." That is, the risk of loss resulting from inadequate or failed internal processes.

Let's look at some examples. ...
 
SECURITY NEWSSTAND
Men Reuse Passwords More Than Women
 
More than half of French users reuse passwords, PC Tools survey finds
DuPont Alleges Second Insider Breach In Two Years

Chemical giant claims former employee was headed to China with company secrets

Hacker Ring Tied To Major Breaches Just Tip Of The Iceberg

TJX-Heartland attacker and cohorts also reportedly hacked ATM machines in 7-Elevens, but their wide net is likely just one of many

 
SkyView Partners Solutions
SkyView Partners is dedicated to providing software that helps you reduce the costs and complexities of attaining and maintaining compliance.

SkyView Policy Minder is an IBM i & i5/OS security compliance management tool that automates security policy compliance monitoring and delivers comprehensive security administration functionality. 
 
SkyView Risk Assessor is an automated IBM i & i5/OS security diagnostic tool that analyzes your security settings from more than 100+ "risk points" compared to security best practices.
In This Issue
Setting Authority is Not a One-time Event
Men Reuse Passwords More Than Women
DuPont Alleges Second Insider Breach In Two Years
Hacker Ring Tied To Major Breaches Just Tip Of The Iceberg
SkyView Partners Solutions
Customer Spotlight


"Before implementing Policy Minder, we spent a lot of time creating SOX compliance reports and queries. Now I just go in, print a Policy Minder report and, boom, I'm done! We were able to clean up, secure and get everything correct without spending months doing it."
 
Global Operations Manager
International Rectifier
User Tip

Policy Minder owners:  Make sure you are saving the SKYVIEWPMD library.  That's where all of your templates and compliance information is stored.
SkyView Partners is an IBM Advanced Business Partner
 

 Coffee with Carol Woodbury
Free Webinar

"Why Companies fail PCI audits"
by Gary Palgon and Carol Woodbury

There is a lot we can learn about passing PCI audits by looking at what others before have done.  This webinar will share the top reasons companies fail audits and what actions can be taken to make sure that your company doesn't fall victim to the same issues.
Click Here to Register