IBM i Security Tips
Carol Woodbury, Editor
July 2011

Compliance and Power Users
by Steven W. Martinson, CISSP, CISM, CISA
Senior Consultant, SkyView Partners, Inc.

In the January 2011 newsletter, Compliance Resolutions for 2011, Carol Woodbury challenged you to make some compliance resolutions, so that you wouldn't have to scramble when notified of an upcoming audit.

Number 3 on Carol's list was to perform a system vulnerability assessment at least annually. This vulnerability assessment is essentially the first step in the compliance process.

One of the primary focus areas in a vulnerability assessment (and in many audits) is the configuration and activity of power users. Based on experiences helping clients with their compliance challenges, here are some things to keep in mind when reviewing and managing powerful user accounts on both your IBM i and AIX partitions.

Let's look at some recommendations ...

SECURITY NEWSSTAND
High-profile attacks, inadequate defenses burden IT security programs

A plethora of high-profile data security breaches that marred the first half of 2011, and other recent high-profile attacks, such as Stuxnet, Operation Aurora and state-sponsored persistent threats, have dominated the discussion in the information security community.

Simple Isn't Simple

It's time to admit security is hard, and to stop blaming the victims for being human.

Setting the record straight on sudo

Vincent Danen takes exception to some of the criticisms regarding sudo as insecure and unfit for the enterprise.



 
How SkyView Partners Can Help
SkyView Policy Minder - Automated security policy compliance reporting for IBM i and AIX. 

 

SkyView Audit Journal Reporter - Automated security event reporting

 

In This Issue
* Compliance and Power Users
* High-profile attacks, inadequate defenses burden IT security programs
* Simple Isn't Simple...It's time to admit security is hard
* Setting the record straight on sudo

Webinar Recording

Simplifying IBM i Security Administration Tasks

 

 by Carol Woodbury 

How many IBM i security administration tasks do you regularly perform, such as
  • discovering and managing inactive profiles,
  • detecting changes to system values (along with who made the change),
  • discovering who or what process has deleted an object or created a program into a production library,
  • and many more?

Watch Carol as she demonstrates how you can automate many of these everyday security administration tasks.

 


Success Story

SkyView Meets Napa Recycling's IT Security Needs

"I was very comfortable with SkyView from the beginning.

They walked me through the processes involved in assessing the current system and identifying the problem, and provided a road map and user training documents.

It was easy to work with them and they made the changes solid and painless."

Mike Murray, CFO at Napa Recycling and Waste




Helpful resources

SkyView Audit Journal Reporter - User Tip

Do you want your AJR reports in PDF format rather than as a spooled file?

Use Option 6, Change AJR Query Output Type, from the AJR main menu. Specify the query name, the current output type value and either SFPD8 (FTP), SIPD8 (IFS), or SNPD8 (email) for the new output type value. For the full list of output options, see Chapter 7 - Report Formats in the AJR manual.
 

Coming Soon!
SkyView Policy Minder for AIX

SkyView Policy Minder for AIX automates security policy compliance and delivers comprehensive security administration functionality, reducing the hours of labor-intensive analysis required in the compliance process.



  SkyView Partners is an IBM Advanced Business Partner