IBM i Security Tips
by Carol Woodbury
September 2010

Passing your Next Audit
by Carol Woodbury 

Audits are an ongoing, not a once-in-a-lifetime event.  How do you make sure that you pass your next audit?  How can you ensure previous issues remain resolved and you don't have to go through manual processes to remediate the issues again before your next audit? Here are 7 tips for passing your next audit ...


SECURITY NEWSSTAND
Fraud At Sprint Offers Lessons For Enterprises, Experts Say
 
Insider attacks could have been prevented with a few simple practices

The recently revealed abuse of insiders' system privileges to commit fraud at Sprint could be a wake-up call for other enterprises to implement more stringent security practices, experts said this week.

Last week, nine Sprint employees were charged with misusing their access to the telecommunications giant's systems ...  

Social Engineering Report Shows Corporate America At Risk

Final report from Defcon contest details information employees gave up over the phone

Among the unsettling results in the final report, released today, from the Social Engineering Capture The Flag contest held in August at Defcon: Security companies were just as susceptible to social engineering as nontechnology firms, Internet Explorer 6 was still in use at 65 percent of the Fortune 500 companies targeted in the contest, and nearly 90 percent of the targets willingly opened a URL that the contestants gave them.

Introducing New Products from SkyView Partners!

By popular demand, we have made the recording of our Sept 15th webinar available for viewing.

Carol Woodbury shows the features from the latest version of Policy Minder as well as provides a sneak peek of a new product that has yet to be announced!

 
SkyView Partners Solutions
SkyView Partners is dedicated to providing software that helps you reduce the costs and complexities of attaining and maintaining compliance.

SkyView Security Compliance Solution is a turnkey solution for fully installed and configured security compliance reporting on IBM i (iSeries) servers.  (All you have to do is check your email.)

SkyView Policy Minder is an IBM i & i5/OS security compliance management tool that automates security policy compliance monitoring and delivers comprehensive security administration functionality. 
 
SkyView Risk Assessor is an automated IBM i & i5/OS security diagnostic tool that analyzes your security settings from more than 100+ "risk points" compared to security best practices.
In This Issue
Title
Fraud At Sprint Offers Lessons For Enterprises, Experts Say
Social Engineering Report Shows Corporate America At Risk
Introducing New Products from SkyView Partners!
SkyView Partners Solutions
Upcoming Webinar

Coffee with Carol

Common Configuration Mistakes and How to Correct Them
by Carol Woodbury

Wed, Sep 29, 2010
8:00 AM PDT

In this Webinar security expert Carol Woodbury will discuss common IBM i configuration mistakes that she's experienced and explain alternatives - (and more secure options.)

Configuration choices are often made in haste and without consideration for their affects on the security of the system.   Or perhaps the choices are made without realizing there are alternative methods.  

Topics include system value settings, the use of special authorities (including *ALLOBJ), the (mis)management of user profiles and more.

Customer Spotlight


"Before implementing Policy Minder, we spent a lot of time creating SOX compliance reports and queries. Now I just go in, print a Policy Minder report and, boom, I'm done!. We were able to clean up, secure and get everything correct without spending months doing it."
 
Global Operations Manager
International Rectifier
SkyView Partners is an IBM Advanced Business Partner

Carol Woodbury

Q. How do you perform (independent) vulnerability assessments? 


A. That's what the SkyView "Security Check-up" is designed to address.

 

SkyView Security Check-up is a consulting service designed to provide you with a 3rd party assessment of your systems' security environment. SkyView Security Check-ups:

  • Are done offsite, so we don't have to interrupt your normal work flow.
  • Represent an independent third party verification of your security.
  • Give you a prioritized list of "next steps" to take with your systems security

Click here for a SkyView Security Check-up Fact Sheet