Implementation of RBAC and Data Classification onto a Mainframe system (v1.5)
Nov. 17, 2015•0 likes•1,322 views
Download to read offline
A walk through the challenges of implementing a Role-Based Access Control (RBAC) solution and Data Classification on the mainframe. A basic overview of the steps taken, the tools used, the problems encountered and the final benefits.
3. Who are we?
l Steve Tresadern
l 27 years mainframe experience
l Former z/OS Systems Programmer
l Experience in Cryptography, RACF, Compliance
l Rui Miguel Feio
l 15 years mainframe experience
l Experience in z/OS, RACF, zSecure, Development
l Last 4 years working in Security and implementing RBAC
5. Data Classification – What is it?
l Understanding what your data is
6. Data Classification – What is it?
l Who owns your data
7. Data Classification – Reasons to do it
l Audit requirements
l Who has privileged access?
l Who is accessing confidential information?
l Reduce the risk of fraud?
8. Data Classification – Aims
l Every dataset and resource profile must be;
l Classified in terms of confidentiality and integrity.
l All linked to an application.
l The basic security correctly defined
l Understand who has privileged access
l All applications have a business/data owner.
l Ideally they should approve all access
l Review who has access
9. Sources for Data Classification
10. Sources for Data Ownership
11. Data Classification – Challenges
l Lack of knowledge in support teams
l Development Team Processes
l Business areas cooperation
l Non-RACF based security
l Unravelling of the environment
l Service Database – Up to date?
17. RBAC – Define Standards and Rules
connected to one role
Role group describes
the business role
Role group contains all
All role groups will
have an ‘owner’
18. RBAC - Sources of data
19. RBAC Stages – An overview
Test RBAC implementation
Devise RBAC implementation plan
Engage with managers and users
Identify logical grouping
Analyse and prepare mainframe environment