IBM i Security Tips
by Carol Woodbury
April 2010

Who Should Own User Profiles?
by Carol Woodbury 

I'm often asked the question, who should own user profile objects? User profiles often end up being owned by a variety of people - security administrators, various group profiles, help desk personnel and operators. Rather than having profiles owned by an individual or group profile, I prefer to have the profile be owned by ...
 
SECURITY NEWSSTAND
PCI Council readying end-to-end encryption guidance
 
The PCI Security Standards Council is studying a number of emerging technologies ...

... and plans to issue a guidance document on end-to-end encryption when it releases the next version of the PCI Data Security Standards (PCI DSS), due out in October. Bob Russo, general manager of the PCI Council, said researchers are preparing documentation on what he calls the latest industry "big buzz word."  Other technologies being studied include the use of tokenization and chip and PIN technologies to protect credit card data and how virtualization affects data protection technologies. 

HITECH Act increases HIPAA security requirements

For the first time ever, a hospital was audited for compliance with HIPAA security requirements.

The Health Information Technology for Economic and Clinical Health (HITECH) Act, part of the American Recovery and Reinvestment Act signed into law last year, earmarks about $19 billion in incentives to encourage adoption of electronic health record technology but also expands on HIPAA's security and privacy requirements. In addition to instituting new breach notification rules and extending the rules to health care business associates, HITECH implements a new tiered system that increases civil monetary penalties for noncompliance and also allows state attorney generals to file civil actions for HIPAA violations.

CEOs Paying Attention To Security

CIO is the person most frequently held responsible for data protection, survey says ...

 
SkyView Partners Solutions
SkyView Partners is dedicated to providing software that helps you reduce the costs and complexities of attaining and maintaining compliance.

SkyView Policy Minder is an IBM i & i5/OS security compliance management tool that automates security policy compliance monitoring and delivers comprehensive security administration functionality. 
 
SkyView Risk Assessor is an automated IBM i & i5/OS security diagnostic tool that analyzes your security settings from more than 100+ "risk points" compared to security best practices.
In This Issue
Who Should Own User Profiles?
PCI Council readying end-to-end encryption guidance
HITECH Act increases HIPAA security requirements
CEOs Paying Attention To Security
SkyView Partners Solutions
Free Webinar

Coffee with Carol Woodbury

Implementing Object Level Security -
(An award-winning COMMON presentation)

by Carol Woodbury

Tue, Apr 20, 2010
10:00 AM PDT

More organizations are realizing the need for implementing object level security - especially for database files that contain information which must comply with various laws or regulations. But the question many administrators have is, how do you secure files without breaking the application or other processes?

This session explains how. Configuration options, testing steps, "gotchas" to avoid, along with real-life examples will be discussed.
Customer Spotlight


"Before implementing Policy Minder, we spent a lot of time creating SOX compliance reports and queries. Now I just go in, print a Policy Minder report and, boom, I'm done! We were able to clean up, secure and get everything correct without spending months doing it."
 
Global Operations Manager
International Rectifier
SkyView Partners is an IBM Advanced Business Partner