Using the PowerSC Tools for IBM i Compliance and Event Monitoring Tool
Compliance and Event Monitoring
© 2016 IBM Corporation
Terry Ford, Senior Managing Consultant
taford@us.ibm.com
February 1, 2016
Statement of Good Security Practices
IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.
“Some organizations will be a target regardless of what they do, but most become a TARGET because of what they do (or don’t do)”
Monitoring – Compliance and Monitoring to What?
Company Policy and/or Standards
These should define how systems are to be built, maintained, monitored, and interacted with by their custodians and users. Another way of thinking about it: they are a Service Level Agreement (SLA) between Owners, Management and the people they have hired to “work” the business. Owners and Management derive a “sense of security” knowing that their employees are managing the business according to this agreement. Owners and Management must be involved in the creation and maintenance of these documents. Compliance monitoring then is simply demonstrating that the employees (and management) are doing what they have been hired to do.
Compliance and Event Monitoring – Inhibitors
- Security setup inherited from the past: the previous owners / application designers are no longer available
- For many IBM i IT departments, security is performed by an individual with multiple responsibilities – operations, administration, programming, etc.
- Security implementation “how to” is often not understood, is neglected or is not monitored due to time constraints.
- Security policies/standards often do not exist. If they do, monitoring of compliance to the policy is not done or understood, and deviation from the policies/standards across the enterprise is unknown.
- Gathering of security information is time consuming, and the information is scattered in multiple places on the system. The analysis of this data or monitoring of security changes is often dated by the time it is read.
- How do you measure security? What are Key Risk Indicators (KRI)? How do I prove due diligence in security monitoring?
Compliance and Event Monitoring – Measuring Security
- “If you can’t measure it, how can you improve or fix it?”
- Provide evidence that risk is being managed according to enterprise-defined risk thresholds, empowering Senior Management to make informed risk management decisions on where best to allocate resource.
- REQUIREMENTS:
  - Centralized view of Security Compliance status across the enterprise
    • No access to remote machines required
    • Maintain segregation of duties
    • Provide management visibility, meaningful reports that drive action
  - Customizable Control Tests
    • Measurable Results
    • Ability to define Key Risk Indicators (KRIs)
    • Traceability back to Security Standards and Company Policies
  - Dashboard Style Reporting
    • Red, Yellow (Amber), Green (RAG) Metrics
    • ‘Clickable’ reports – to drill down to the issue
    • Trending – to measure improvements (hopefully) over time
Compliance Assessment and Event Monitoring Tool
“I just want to arrive in the morning, get a cup of coffee, and have a view of what systems are in compliance and which are not.”
Compliance Assessment and Event Monitoring Tool
Provides “out of the box” assessment of systems for security compliance and exposures
Profile Analysis:
- Special Authorities / Inherited Privileges
- Group Profiles / Ambiguous Profiles
- Default Passwords / Password Expiration
- Inactive Accounts
Administration / Configuration:
- System Values / Audit Control Settings
- Invalid Signon attempts
- *PUBLICLY Authorized Profiles
- Privately Authorized Profiles
- Initial Programs, Menus, and Attention Programs
- Command Line Access
- DDM Password Requirements
- Registered Exit Points / Exit Programs
- Work Management Analysis
- Service Tools (SST) Security
- PTF Currency
Network Settings:
- Network attributes / Time Server
- NetServer Configuration
- TCP/IP servers / Autostart values
- Digital Certificate Expiration
- SNMP / SSH / SSL Configuration
- Registered Exit Points / Exit Programs
- Function Usage
- Library Analysis / *ALLOBJ Inheritance
- Customer Defined Items
- Listening ports / Network Encryption
- IP Datagram Forwarding
- IP Source Routing
- APPN Configuration (yes – for many it is still there)
- Server Authentication Entries
Compliance Assessment and Event Monitoring Tool – High Level Architecture
[Architecture diagram; the labels it carried are listed here]
- Remote systems: a Collection Agent (one for every LPAR)
- ETL Process to load the Data Mart on the Central System
- Data Mart system (Central System): DB2 for i Reporting Data Mart with DAILY, HISTORY and PROFILES tables, and the DAILY SUMMARY TABLE created by the Compliance Assessment Tool
- DB2 Web Query Meta Data feeding the DB2 Web Query Dashboards/Reports
Compliance Assessment and Event Monitoring Tool – Data Mart Tables
[Diagram of the DB2 for i Reporting Data Mart; its callouts are listed here]
- Detailed history of system security and compliance grading: System Attributes, Security Attributes, Best Practice, Policy / Policy Exception, User Profiles
- How current is the data I am viewing? Logging of success or failure of scheduled ETL processes with remote systems
- How do I wish to filter on and view the data? System descriptive information such as location, usage, VRM level, Template, etc.
- How is Red, Yellow (Amber), and Green defined? User defined thresholds for aggregate security attribute grading.
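The RAG grading described by the Dashboard Style Reporting requirements and by the threshold callout above, as an added example that is not part of the original deck or of the PowerSC tool: user-defined thresholds grade each collected attribute, the worst attribute sets a system's overall grade, the enterprise dashboard reads only the last successful collection per system and flags stale data, and a regional roll-up and a per-system trend are built on top. Attribute names, policy ids, threshold values and the summary-table rows are all constructed for this example.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta

# Grades ordered so that max() over RANK picks the worst; UNKNOWN marks a system
# with no successful collection to grade from.
GREEN, AMBER, RED, UNKNOWN = "GREEN", "AMBER", "RED", "UNKNOWN"
RANK = {GREEN: 0, AMBER: 1, RED: 2}

@dataclass(frozen=True)
class Threshold:
    """Control test (KRI): findings <= green_max is GREEN, <= amber_max is AMBER, else RED."""
    attribute: str
    green_max: int
    amber_max: int
    policy_ref: str  # traceability back to a company standard (constructed ids)

# Constructed thresholds; in practice the customer defines these from their policy.
THRESHOLDS = [
    Threshold("default_passwords", 0, 2, "PWD-01"),
    Threshold("inactive_accounts", 5, 20, "ACC-03"),
    Threshold("allobj_users", 3, 6, "PRV-02"),
    Threshold("expired_certificates", 0, 0, "NET-07"),
]

@dataclass(frozen=True)
class Collection:
    """One row of a constructed DAILY summary table: what the collection agent on one
    LPAR reported (or failed to report) on one day."""
    system: str
    region: str
    collected_on: date
    success: bool
    counts: dict = field(default_factory=dict)  # attribute -> number of findings

def grade_attribute(t: Threshold, findings: int) -> str:
    if findings <= t.green_max:
        return GREEN
    return AMBER if findings <= t.amber_max else RED

def grade_system(counts: dict, thresholds=THRESHOLDS):
    """Per-attribute grades plus the aggregate grade (the worst single attribute).
    An attribute the agent did not report is treated as 0 findings (simplification)."""
    grades = {t.attribute: grade_attribute(t, counts.get(t.attribute, 0)) for t in thresholds}
    return grades, max(grades.values(), key=RANK.__getitem__)

def enterprise_dashboard(rows, today: date, max_age_days: int = 1):
    """Grade each system from its LAST SUCCESSFUL collection, as the dashboard does,
    and flag the grade as stale when that collection is older than max_age_days.
    A system whose collections all failed is reported as UNKNOWN, not omitted."""
    latest = {}
    for r in rows:
        cur = latest.get(r.system)
        if cur is None or (r.success and (not cur.success or r.collected_on > cur.collected_on)):
            latest[r.system] = r
    board = {}
    for system, row in latest.items():
        if not row.success:
            board[system] = {"region": row.region, "overall": UNKNOWN, "grades": {},
                             "as_of": None, "stale": True}
            continue
        grades, overall = grade_system(row.counts)
        board[system] = {"region": row.region, "overall": overall, "grades": grades,
                         "as_of": row.collected_on,
                         "stale": (today - row.collected_on).days > max_age_days}
    return board

def region_summary(board):
    """Regional drill-down: a region is as bad as its worst graded system; stale or
    ungraded systems are counted so that a GREEN region can still be questioned."""
    regions = {}
    for e in board.values():
        reg = regions.setdefault(e["region"], {"overall": UNKNOWN, "systems": 0, "stale_or_unknown": 0})
        reg["systems"] += 1
        reg["stale_or_unknown"] += int(e["stale"])
        if e["overall"] != UNKNOWN and (reg["overall"] == UNKNOWN or RANK[e["overall"]] > RANK[reg["overall"]]):
            reg["overall"] = e["overall"]
    return regions

def trend(rows, system: str):
    """HISTORY view for one system: (date, overall grade) of each successful collection."""
    hist = sorted((r for r in rows if r.system == system and r.success), key=lambda r: r.collected_on)
    return [(r.collected_on, grade_system(r.counts)[1]) for r in hist]

# Constructed sample rows (fictitious LPARs and regions).
TODAY = date(2016, 2, 1)
ROWS = [
    Collection("LPAR01", "AMER", TODAY, True,
               {"default_passwords": 0, "inactive_accounts": 3, "allobj_users": 2}),
    Collection("LPAR02", "AMER", TODAY - timedelta(days=1), True,
               {"default_passwords": 0, "inactive_accounts": 12, "allobj_users": 3}),
    Collection("LPAR02", "AMER", TODAY, True,
               {"default_passwords": 1, "inactive_accounts": 25, "allobj_users": 3}),
    Collection("LPAR03", "EMEA", TODAY - timedelta(days=4), True, {"allobj_users": 1}),
    Collection("LPAR03", "EMEA", TODAY, False),  # today's ETL run failed
    Collection("LPAR04", "AP", TODAY, False),    # never collected successfully
]
```

Calling `enterprise_dashboard(ROWS, TODAY)` grades LPAR01 GREEN, LPAR02 RED (one default password, 25 inactive accounts), LPAR03 GREEN but stale (last good collection four days old) and LPAR04 UNKNOWN.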
Compliance Assessment and Event Monitoring Tool – Typical Use
- Demonstrating to auditors that control measures are in place
- Observing and highlighting deviation from corporate security standards and policies
- Demonstrating when observed deviations have occurred
- Reporting defined security standards upon request by system or for the entire estate of systems
- Quickly observing and assessing a broad range of security attributes (commonly known and unknown to administrators)
- Quickly looking across the corporate estate for consistency in administration
- Adding customer-defined items for monitoring inventory, auditing, status, etc. with incorporated scoring mechanisms provided by the tool
- Deploying fixes, enhancements or changes to individual LPARs or all LPARs for compliance or alignment with standards
- Monitoring PTF currency
Help is always just an email or call away!
Terry Ford, Team Lead
Senior Managing Consultant
Security Services Delivery
IBM Systems Lab Services
Office: 1-507-253-7241
Mobile: 1-507-358-1771
taford@us.ibm.com
3605 Highway 52 N
Bldg. 025-3 C113
Rochester, MN 55901
USA
Examples and Backup
Example screens of the Compliance Assessment and Event Monitoring Tool (each slide is a screenshot; the titles and captions are kept here):
Enterprise Dashboard
- Summary of Overall System Status of all systems in the enterprise by various system attributes.
- Information is based on last successful collection for each system.
Regional Review (Drill down to overall grading and details)
System Dashboard
Key System and data collection information
- Status of last collection attempt (Success or Fail)
- Key System attributes – VRM, Location, etc.
- Overall and detailed system grading based upon last successful collection.
Cross System Analysis
- Horizontal or vertical presentation of risk indicators across LPARs
- PTF Inventory…
- PTF Currency…
- Certificate Stores…
Monitoring Vulnerabilities
Profile Analysis
- Horizontal or vertical presentation of user profiles across LPARs
- Aggregation of user profiles across LPARs
- Drill down into user profiles as configured across LPARs
Event Monitoring
- Early Detection of Administrative Mistakes or Malicious Activity
Performance and Availability Analysis
- Understand Risk of Outage due to Performance or Availability constraints
Our Mission and Profile
IBM Systems Lab Services and Training
- Support the IBM Systems Agenda and accelerate the adoption of new products and solutions
- Maximize performance of our clients’ existing IBM systems
- Deliver technical training, conferences, and other services tailored to meet client needs
- Team with IBM Service Providers to optimize the deployment of IBM solutions (GTS, GBS, SWG Lab Services and our IBM Business Partners)
Our Competitive Advantage
- Leverage relationships with the IBM development labs to build deep technical skills and exploit the expertise of our developers
- Combined expertise of Lab Services and the Training for Systems team
- Skills can be deployed worldwide to assure client requests can be met
Successful Worldwide History
- 18 years in Americas
- 10 years in Europe/Middle East/Africa
- 6 years in Asia Pacific
Mainframe Systems · Power Systems · System Storage · IT Infrastructure Optimization · Data Center Services · Training Services
www.ibm.com/systems/services/labservices
stgls@us.ibm.com
IBM Systems Lab Services and Training
Leverage the skills and expertise of IBM's technical consultants to implement projects that achieve faster business value
- Ensure a smooth upgrade
- Improve your availability
- Design for efficient virtualization
- Reduce management complexity
- Assess your system security
- Optimize database performance
- Modernize applications for iPad
- Deliver training classes & conferences
How to contact us
- email us at stgls@us.ibm.com
- Follow us at @IBMSLST
- Learn more: ibm.com/systems/services/labservices
THANK YOU
www.ibm.com/security
© Copyright IBM Corporation 2015. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any
kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor
shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use
of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and / or
capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product
or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries
or both. Other company, product, or service names may be trademarks or service marks of others.

More Related Content

What's hot

Hipaa checklist - information security
Hipaa checklist - information securityHipaa checklist - information security
Hipaa checklist - information securityVijay Sekar
 
Securing control systems v0.4
Securing control systems v0.4Securing control systems v0.4
Securing control systems v0.4CrispnCrunch
 
Security management and tools
Security management and toolsSecurity management and tools
Security management and toolsVibhor Raut
 
Ch02 mis-ctrl-appl
Ch02 mis-ctrl-applCh02 mis-ctrl-appl
Ch02 mis-ctrl-applSR NAIDU
 
Continuous Monitoring: Monitoring Strategy – Part 2 of 3
Continuous Monitoring: Monitoring Strategy – Part 2 of 3Continuous Monitoring: Monitoring Strategy – Part 2 of 3
Continuous Monitoring: Monitoring Strategy – Part 2 of 3EMC
 
Information Security Gm Aug09
Information Security Gm Aug09Information Security Gm Aug09
Information Security Gm Aug09John Reno
 
Guide for Applying The Risk Management Framework to Federal Information Systems
Guide for Applying The Risk Management Framework to Federal Information SystemsGuide for Applying The Risk Management Framework to Federal Information Systems
Guide for Applying The Risk Management Framework to Federal Information SystemsGuillermo Remache
 
Stop Chasing the Version: Compliance with CIPv5 through CIPv99
Stop Chasing the Version: Compliance with CIPv5 through CIPv99 Stop Chasing the Version: Compliance with CIPv5 through CIPv99
Stop Chasing the Version: Compliance with CIPv5 through CIPv99 Tripwire
 
5 Things Your Security Administrator Should Tell You
5 Things Your Security Administrator Should Tell You5 Things Your Security Administrator Should Tell You
5 Things Your Security Administrator Should Tell YouHelpSystems
 
Audit Sample Report
Audit Sample ReportAudit Sample Report
Audit Sample ReportRandy James
 
Control Issues and Mobile Devices
Control Issues and Mobile DevicesControl Issues and Mobile Devices
Control Issues and Mobile Devicessunnay
 
IT Audit methodologies
IT Audit methodologiesIT Audit methodologies
IT Audit methodologiesgenetics
 
IT Audit For Non-IT Auditors
IT Audit For Non-IT AuditorsIT Audit For Non-IT Auditors
IT Audit For Non-IT AuditorsEd Tobias
 
Auditing SOX ITGC Compliance
Auditing SOX ITGC ComplianceAuditing SOX ITGC Compliance
Auditing SOX ITGC Complianceseanpizzy
 
"Backoff" Malware: How to Know If You're Infected
"Backoff" Malware: How to Know If You're Infected"Backoff" Malware: How to Know If You're Infected
"Backoff" Malware: How to Know If You're InfectedTripwire
 
CoreTrace Whitepaper: Whitelisting And Control Systems
CoreTrace Whitepaper: Whitelisting And Control SystemsCoreTrace Whitepaper: Whitelisting And Control Systems
CoreTrace Whitepaper: Whitelisting And Control SystemsCoreTrace Corporation
 
PIM, PAM, PUM: Best Practices for Unix/Linux Privileged Identity & Access Man...
PIM, PAM, PUM: Best Practices for Unix/Linux Privileged Identity & Access Man...PIM, PAM, PUM: Best Practices for Unix/Linux Privileged Identity & Access Man...
PIM, PAM, PUM: Best Practices for Unix/Linux Privileged Identity & Access Man...Ryan Gallavin
 

What's hot (20)

IS audit checklist
IS audit checklistIS audit checklist
IS audit checklist
 
Hipaa checklist - information security
Hipaa checklist - information securityHipaa checklist - information security
Hipaa checklist - information security
 
Securing control systems v0.4
Securing control systems v0.4Securing control systems v0.4
Securing control systems v0.4
 
Security management and tools
Security management and toolsSecurity management and tools
Security management and tools
 
Ch02 mis-ctrl-appl
Ch02 mis-ctrl-applCh02 mis-ctrl-appl
Ch02 mis-ctrl-appl
 
Continuous Monitoring: Monitoring Strategy – Part 2 of 3
Continuous Monitoring: Monitoring Strategy – Part 2 of 3Continuous Monitoring: Monitoring Strategy – Part 2 of 3
Continuous Monitoring: Monitoring Strategy – Part 2 of 3
 
Information Security Gm Aug09
Information Security Gm Aug09Information Security Gm Aug09
Information Security Gm Aug09
 
Guide for Applying The Risk Management Framework to Federal Information Systems
Guide for Applying The Risk Management Framework to Federal Information SystemsGuide for Applying The Risk Management Framework to Federal Information Systems
Guide for Applying The Risk Management Framework to Federal Information Systems
 
Stop Chasing the Version: Compliance with CIPv5 through CIPv99
Stop Chasing the Version: Compliance with CIPv5 through CIPv99 Stop Chasing the Version: Compliance with CIPv5 through CIPv99
Stop Chasing the Version: Compliance with CIPv5 through CIPv99
 
5 Things Your Security Administrator Should Tell You
5 Things Your Security Administrator Should Tell You5 Things Your Security Administrator Should Tell You
5 Things Your Security Administrator Should Tell You
 
System Security Plans 101
System Security Plans 101System Security Plans 101
System Security Plans 101
 
Audit Sample Report
Audit Sample ReportAudit Sample Report
Audit Sample Report
 
Control Issues and Mobile Devices
Control Issues and Mobile DevicesControl Issues and Mobile Devices
Control Issues and Mobile Devices
 
IT Audit methodologies
IT Audit methodologiesIT Audit methodologies
IT Audit methodologies
 
IT Audit For Non-IT Auditors
IT Audit For Non-IT AuditorsIT Audit For Non-IT Auditors
IT Audit For Non-IT Auditors
 
Auditing SOX ITGC Compliance
Auditing SOX ITGC ComplianceAuditing SOX ITGC Compliance
Auditing SOX ITGC Compliance
 
"Backoff" Malware: How to Know If You're Infected
"Backoff" Malware: How to Know If You're Infected"Backoff" Malware: How to Know If You're Infected
"Backoff" Malware: How to Know If You're Infected
 
Information security risk
Information security riskInformation security risk
Information security risk
 
CoreTrace Whitepaper: Whitelisting And Control Systems
CoreTrace Whitepaper: Whitelisting And Control SystemsCoreTrace Whitepaper: Whitelisting And Control Systems
CoreTrace Whitepaper: Whitelisting And Control Systems
 
PIM, PAM, PUM: Best Practices for Unix/Linux Privileged Identity & Access Man...
PIM, PAM, PUM: Best Practices for Unix/Linux Privileged Identity & Access Man...PIM, PAM, PUM: Best Practices for Unix/Linux Privileged Identity & Access Man...
PIM, PAM, PUM: Best Practices for Unix/Linux Privileged Identity & Access Man...
 

Viewers also liked

S-CUBE LP: Runtime Prediction of SLA Violations Based on Service Event Logs
S-CUBE LP: Runtime Prediction of SLA Violations Based on Service Event LogsS-CUBE LP: Runtime Prediction of SLA Violations Based on Service Event Logs
S-CUBE LP: Runtime Prediction of SLA Violations Based on Service Event Logsvirtual-campus
 
tuningfor_oracle
 tuningfor_oracle tuningfor_oracle
tuningfor_oraclestyxyx
 
IBM PowerVM Virtualization Introduction and Configuration
IBM PowerVM Virtualization Introduction and ConfigurationIBM PowerVM Virtualization Introduction and Configuration
IBM PowerVM Virtualization Introduction and ConfigurationIBM India Smarter Computing
 
Ibm power vc version 1.2.3 introduction and configuration
Ibm power vc version 1.2.3 introduction and configurationIbm power vc version 1.2.3 introduction and configuration
Ibm power vc version 1.2.3 introduction and configurationgagbada
 
Aix student guide system administrations part 2 problem determination
Aix student guide system administrations part 2   problem determinationAix student guide system administrations part 2   problem determination
Aix student guide system administrations part 2 problem determinationYogesh Sharma
 
Public Training Power System for AIX : AIX Implementation & Administration (A...
Public Training Power System for AIX : AIX Implementation & Administration (A...Public Training Power System for AIX : AIX Implementation & Administration (A...
Public Training Power System for AIX : AIX Implementation & Administration (A...Hany Paulina
 
Presentation common task differences between sdmc and hmc
Presentation   common task differences between sdmc and hmcPresentation   common task differences between sdmc and hmc
Presentation common task differences between sdmc and hmcxKinAnx
 
AIX Administator Resume.
AIX Administator Resume.AIX Administator Resume.
AIX Administator Resume.Shamsher Singh
 
IBM POWER Systems
IBM POWER SystemsIBM POWER Systems
IBM POWER Systemstcp cloud
 
How To Install and Configure SUDO on RHEL 7
How To Install and Configure SUDO on RHEL 7How To Install and Configure SUDO on RHEL 7
How To Install and Configure SUDO on RHEL 7VCP Muthukrishna
 
Introduce: IBM Power Linux with PowerKVM
Introduce: IBM Power Linux with PowerKVMIntroduce: IBM Power Linux with PowerKVM
Introduce: IBM Power Linux with PowerKVMZainal Abidin
 
PowerVC and Power Systems Cloud Trends
PowerVC and Power Systems Cloud TrendsPowerVC and Power Systems Cloud Trends
PowerVC and Power Systems Cloud TrendsJay Kruemcke
 
AIX Advanced Administration Knowledge Share
AIX Advanced Administration Knowledge ShareAIX Advanced Administration Knowledge Share
AIX Advanced Administration Knowledge Share.Gastón. .Bx.
 

Viewers also liked (20)

S-CUBE LP: Runtime Prediction of SLA Violations Based on Service Event Logs
S-CUBE LP: Runtime Prediction of SLA Violations Based on Service Event LogsS-CUBE LP: Runtime Prediction of SLA Violations Based on Service Event Logs
S-CUBE LP: Runtime Prediction of SLA Violations Based on Service Event Logs
 
tuningfor_oracle
 tuningfor_oracle tuningfor_oracle
tuningfor_oracle
 
IBM PowerVM Virtualization Introduction and Configuration
IBM PowerVM Virtualization Introduction and ConfigurationIBM PowerVM Virtualization Introduction and Configuration
IBM PowerVM Virtualization Introduction and Configuration
 
Ibm power vc version 1.2.3 introduction and configuration
Ibm power vc version 1.2.3 introduction and configurationIbm power vc version 1.2.3 introduction and configuration
Ibm power vc version 1.2.3 introduction and configuration
 
Aix install via nim
Aix install via nimAix install via nim
Aix install via nim
 
Aix student guide system administrations part 2 problem determination
Aix student guide system administrations part 2   problem determinationAix student guide system administrations part 2   problem determination
Aix student guide system administrations part 2 problem determination
 
Public Training Power System for AIX : AIX Implementation & Administration (A...
Public Training Power System for AIX : AIX Implementation & Administration (A...Public Training Power System for AIX : AIX Implementation & Administration (A...
Public Training Power System for AIX : AIX Implementation & Administration (A...
 
Red Hat Cluster
Red Hat ClusterRed Hat Cluster
Red Hat Cluster
 
IBM PowerVM Best Practices
IBM PowerVM Best PracticesIBM PowerVM Best Practices
IBM PowerVM Best Practices
 
Presentation common task differences between sdmc and hmc
Presentation   common task differences between sdmc and hmcPresentation   common task differences between sdmc and hmc
Presentation common task differences between sdmc and hmc
 
Aix install
Aix installAix install
Aix install
 
IBM PowerVC Introduction and Configuration
IBM PowerVC Introduction and ConfigurationIBM PowerVC Introduction and Configuration
IBM PowerVC Introduction and Configuration
 
AIX Administator Resume.
AIX Administator Resume.AIX Administator Resume.
AIX Administator Resume.
 
IBM Power VC
IBM Power VCIBM Power VC
IBM Power VC
 
IBM POWER Systems
IBM POWER SystemsIBM POWER Systems
IBM POWER Systems
 
How To Install and Configure SUDO on RHEL 7
How To Install and Configure SUDO on RHEL 7How To Install and Configure SUDO on RHEL 7
How To Install and Configure SUDO on RHEL 7
 
Introduce: IBM Power Linux with PowerKVM
Introduce: IBM Power Linux with PowerKVMIntroduce: IBM Power Linux with PowerKVM
Introduce: IBM Power Linux with PowerKVM
 
PowerVC and Power Systems Cloud Trends
PowerVC and Power Systems Cloud TrendsPowerVC and Power Systems Cloud Trends
PowerVC and Power Systems Cloud Trends
 
Installing Aix
Installing AixInstalling Aix
Installing Aix
 
AIX Advanced Administration Knowledge Share
AIX Advanced Administration Knowledge ShareAIX Advanced Administration Knowledge Share
AIX Advanced Administration Knowledge Share
 

Similar to Compliance and Event Monitoring with PowerSC Tools for IBM i

Cutting Through the Software License Jungle: Stay Safe and Control Costs
Cutting Through the Software License Jungle: Stay Safe and Control CostsCutting Through the Software License Jungle: Stay Safe and Control Costs
Cutting Through the Software License Jungle: Stay Safe and Control CostsIBM Security
 
A summary of gao’s review of information security (naba barkakati)
A summary of gao’s review of information security (naba barkakati)A summary of gao’s review of information security (naba barkakati)
A summary of gao’s review of information security (naba barkakati)Naba Barkakati
 
Cyber crime with privention
Cyber crime with privention Cyber crime with privention
Cyber crime with privention Manish Dixit Ceh
 
Sap Security Assessment V3 English
Sap Security Assessment V3 EnglishSap Security Assessment V3 English
Sap Security Assessment V3 Englishguest5bd7a1
 
What’s the State of Your Endpoint Security?
What’s the State of Your    Endpoint Security?What’s the State of Your    Endpoint Security?
What’s the State of Your Endpoint Security?IBM Security
 
Event Monitoring: Use Powerful Insights to Improve Performance and Security
Event Monitoring: Use Powerful Insights to Improve Performance and SecurityEvent Monitoring: Use Powerful Insights to Improve Performance and Security
Event Monitoring: Use Powerful Insights to Improve Performance and SecurityDreamforce
 
IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future IBM
 
Federal Webinar: RMF, DISA STIGs, and NIST FISMA Compliance using SolarWinds
Federal Webinar: RMF, DISA STIGs, and NIST FISMA Compliance using SolarWindsFederal Webinar: RMF, DISA STIGs, and NIST FISMA Compliance using SolarWinds
Federal Webinar: RMF, DISA STIGs, and NIST FISMA Compliance using SolarWindsSolarWinds
 
Logging, monitoring and auditing
Logging, monitoring and auditingLogging, monitoring and auditing
Logging, monitoring and auditingPiyush Jain
 
Hackers, Cyber Crime and Espionage
Hackers, Cyber Crime and EspionageHackers, Cyber Crime and Espionage
Hackers, Cyber Crime and EspionageImperva
 
Monitoring for Operational Outcomes and Application Insights: Best Practices ...
Monitoring for Operational Outcomes and Application Insights: Best Practices ...Monitoring for Operational Outcomes and Application Insights: Best Practices ...
Monitoring for Operational Outcomes and Application Insights: Best Practices ...Amazon Web Services
 
4 Security Guidelines for SharePoint Governance
4 Security Guidelines for SharePoint Governance4 Security Guidelines for SharePoint Governance
4 Security Guidelines for SharePoint GovernanceImperva
 
Why Regular Audits are Necessary in IT Asset Management.pdf
Why Regular Audits are Necessary in IT Asset Management.pdfWhy Regular Audits are Necessary in IT Asset Management.pdf
Why Regular Audits are Necessary in IT Asset Management.pdfaotmp2600
 
Unit - 4 Security in information system .pptx
Unit - 4 Security in information system .pptxUnit - 4 Security in information system .pptx
Unit - 4 Security in information system .pptxSharumathiR1
 
SAP Security & Compliance Audits. Find your vulnerabilities before you get hu...
SAP Security & Compliance Audits. Find your vulnerabilities before you get hu...SAP Security & Compliance Audits. Find your vulnerabilities before you get hu...
Compliance and Event Monitoring with PowerSC Tools for IBM i

  • 1. Using the PowerSC Tools for IBM i Compliance and Event Monitoring Tool. Terry Ford, Senior Managing Consultant, taford@us.ibm.com. February 1, 2016. © 2016 IBM Corporation
  • 2. Statement of Good Security Practices. IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.
  • 3. “Some organizations will be a target regardless of what they do, but most become a TARGET because of what they do (or don’t do)”
  • 4. Monitoring – Compliance and Monitoring to What? Company Policy and/or Standards. These should define how systems should be built, maintained, monitored, and interacted with by its custodians and users. Another way of thinking about it: they are a Service Level Agreement (SLA) between Owners, Management and the people they have hired to “work” the business. Owners and Management derive a “sense of security” knowing that its employees are managing the business according to this agreement. Owners and Management must be involved in the creation and maintenance of these documents. Compliance monitoring then is simply demonstrating that the employees (and management) are doing what they have been hired to do.
  • 5. Compliance and Event Monitoring – Inhibitors
    - Security setup inherited from the past: previous owners / application designers are no longer available.
    - For many IBM i IT departments, security is performed by an individual with multiple responsibilities – operations, administration, programming, etc.
    - Security implementation “how to” is often not understood, is neglected or is not monitored due to time constraints.
    - Security policies/standards often do not exist. If they do, monitoring of compliance to the policy is not done or understood, and deviation from the policies/standards across the enterprise is unknown.
    - Gathering of security information is time consuming and scattered in multiple places on the system. The analysis of this data or monitoring of security changes is often dated by the time it is read.
    - How do you measure security? What are Key Risk Indicators (KRI)? How do I prove due diligence to security monitoring?
  • 6. Compliance and Event Monitoring – Measuring Security
    - “If you can’t measure it, how can you improve or fix it?”
    - Provide evidence that risk is being managed according to enterprise defined risk thresholds, empowering Senior Management to make informed risk management decisions on where best to allocate resource.
    - REQUIREMENTS:
      - Centralized view of Security Compliance status across the enterprise: no access to remote machines required; maintain segregation of duties; provide management visibility and meaningful reports that drive action.
      - Customizable Control Tests: measurable results; ability to define Key Risk Indicators (KRIs); traceability back to Security Standards and Company Policies.
      - Dashboard Style Reporting: Red, Yellow (Amber), Green (RAG) metrics; ‘clickable’ reports to drill down to the issue; trending to measure improvements (hopefully) over time.
  • 7. Compliance Assessment and Event Monitoring Tool. “I just want to arrive in the morning, get a cup of coffee, and have a view of what systems are in compliance and which are not.”
  • 8. Compliance Assessment and Event Monitoring Tool. Provides “out of the box” assessment of systems for security compliance and exposures.
    - Profile Analysis: Special Authorities / Inherited Privileges; Group Profiles / Ambiguous Profiles; Default Passwords / Password Expiration; Inactive Accounts.
    - Administration / Configuration: System Values / Audit Control Settings; Invalid Signon attempts; *PUBLICLY Authorized Profiles; Privately Authorized Profiles; Initial Programs, Menus, and Attention Programs; Command Line Access; DDM Password Requirements; Registered Exit Points / Exit Programs; Work Management Analysis; Service Tools (SST) Security; PTF Currency; Function Usage; Library Analysis / *ALLOBJ Inheritance; Customer Defined Items.
    - Network Settings: Network attributes / Time Server; NetServer Configuration; TCP/IP servers / Autostart values; Digital Certificate Expiration; SNMP / SSH / SSL Configuration; Listening ports / Network Encryption; IP Datagram Forwarding; IP Source Routing; APPN Configuration (yes – for many it is still there); Server Authentication Entries.
  • 9. Compliance Assessment and Event Monitoring Tool – High Level Architecture. On each remote system a Collection Agent (one for every LPAR) creates a DAILY SUMMARY TABLE. An ETL process loads this data into the DB2 for i Reporting Data Mart on the Central System (tables: DAILY, HISTORY, PROFILES, plus DB2 Web Query Meta Data). DB2 Web Query provides the dashboards and reports.
  • 10. Compliance Assessment and Event Monitoring Tool – Data Mart Tables (DB2 for i Reporting Data Mart)
    - Detailed history of system security and compliance grading: System Attributes; Security Attributes; Best Practice; Policy / Policy Exception; User Profiles.
    - How current is the data I am viewing? Logging of success or failure of scheduled ETL processes with remote systems.
    - How do I wish to filter on and view the data? System descriptive information such as location, usage, VRM level, Template, etc.
    - How is Red, Yellow (Amber), and Green defined? User defined thresholds for aggregate security attribute grading.
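The following is an added example (not IBM's tool or code) showing how the customizable control tests, KRIs, RAG thresholds and user-defined aggregate grading described on slides 6, 8 and 10 fit together; the LPAR names, collected values, policy references and thresholds are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import Callable

# Constructed one-day collection for three LPARs (hypothetical names and values,
# not data from any real system): the QSECURITY system value plus profile counts.
COLLECTED = {
    "PRODA": {"QSECURITY": 40, "users": 400, "allobj": 4, "default_pwd": 0, "inactive_90d": 20},
    "PRODB": {"QSECURITY": 40, "users": 250, "allobj": 4, "default_pwd": 0, "inactive_90d": 5},
    "DEV01": {"QSECURITY": 30, "users": 80, "allobj": 30, "default_pwd": 9, "inactive_90d": 3},
}

@dataclass(frozen=True)
class ControlTest:
    """One customizable control test: a measurable KRI plus its RAG thresholds."""
    name: str
    policy_ref: str               # traceability back to the company standard
    kri: Callable[[dict], float]  # measurable result extracted from one system
    amber: float                  # KRI >= amber grades AMBER
    red: float                    # KRI >= red grades RED

def pct(num, den):
    return 100.0 * num / den if den else 0.0

# Policy references are hypothetical; the thresholds are the customer-defined part.
TESTS = [
    ControlTest("QSECURITY below 40", "SEC-STD 2.1", lambda a: float(a["QSECURITY"] < 40), 1, 1),
    ControlTest("% users with *ALLOBJ", "SEC-STD 4.3", lambda a: pct(a["allobj"], a["users"]), 2.0, 5.0),
    ControlTest("default passwords", "SEC-STD 5.1", lambda a: a["default_pwd"], 1, 5),
    ControlTest("% inactive > 90 days", "SEC-STD 5.4", lambda a: pct(a["inactive_90d"], a["users"]), 3.0, 10.0),
]

def rag(value, amber, red):
    """Grade one KRI value against its thresholds."""
    if value >= red:
        return "RED"
    return "AMBER" if value >= amber else "GREEN"

def grade_system(attrs, tests=TESTS):
    """All control tests for one system: name -> (policy_ref, kri value, colour)."""
    out = {}
    for t in tests:
        value = round(t.kri(attrs), 2)
        out[t.name] = (t.policy_ref, value, rag(value, t.amber, t.red))
    return out

def overall(details, max_amber=1):
    """User-defined aggregate: any RED, or more than max_amber AMBERs, grades RED."""
    colours = [c for _, _, c in details.values()]
    if "RED" in colours or colours.count("AMBER") > max_amber:
        return "RED"
    return "AMBER" if "AMBER" in colours else "GREEN"

def enterprise_dashboard(collected=COLLECTED):
    """Overall status per system (the enterprise dashboard) with drill-down detail."""
    return {name: (overall(grade_system(a)), grade_system(a)) for name, a in collected.items()}
```

Each detail tuple keeps the policy reference next to the measured value, so a red cell on the dashboard can be traced straight back to the standard it violates.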
  • 11. Compliance Assessment and Event Monitoring Tool – Typical Use
    - Demonstrating to auditors that control measures are in place
    - Observing and highlighting deviation from corporate security standards and policies
    - Demonstrating when observed deviations have occurred
    - Reporting defined security standards upon request by system or for the entire estate of systems
    - Quickly observing and assessing a broad range of security attributes (commonly known and unknown to administrators)
    - Quickly looking across the corporate estate for consistency in administration
    - Adding customer-defined items for monitoring inventory, auditing, status, etc. with incorporated scoring mechanisms provided by the tool
    - Deploying fixes, enhancements or changes to individual LPARs or all LPARs for compliance or alignment with standards
    - Monitoring PTF currency
  • 12. Help is always just an email or call away! Terry Ford, Team Lead, Senior Managing Consultant, Security Services Delivery, IBM Systems Lab Services. Office: 1-507-253-7241. Mobile: 1-507-358-1771. taford@us.ibm.com. 3605 Highway 52 N, Bldg. 025-3 C113, Rochester, MN 55901 USA
  • 13. Examples and Backup
  • 14. Enterprise Dashboard – Summary of Overall System Status of all systems in the enterprise by various system attributes. Information is based on the last successful collection for each system.
  • 15. Regional Review (drill down to overall grading and details)
  • 16. System Dashboard – Key system and data collection information: status of last collection attempt (Success or Fail); key system attributes (VRM, Location, etc.); overall and detailed system grading based upon the last successful collection.
  • 17. Cross System Analysis – Horizontal or vertical presentation of risk indicators across LPARs
  • 18. Cross System Analysis – PTF Inventory…
  • 19. Cross System Analysis – PTF Currency…
  • 20. Cross System Analysis – Certificate Stores…
  • 21. Monitoring Vulnerabilities
  • 22. Profile Analysis – Horizontal or vertical presentation of user profiles across LPARs
  • 23. Profile Analysis – Aggregation of user profiles across LPARs
  • 24. Profile Analysis – Drill down into user profiles as configured across LPARs
  • 25. Event Monitoring – Early detection of administrative mistakes or malicious activity
  • 26. Performance and Availability Analysis – Understand risk of outage due to performance or availability constraints
  • 27. Our Mission and Profile – IBM Systems Lab Services and Training
    - Support the IBM Systems Agenda and accelerate the adoption of new products and solutions
    - Maximize performance of our clients’ existing IBM systems
    - Deliver technical training, conferences, and other services tailored to meet client needs
    - Team with IBM Service Providers to optimize the deployment of IBM solutions (GTS, GBS, SWG Lab Services and our IBM Business Partners)
    Our Competitive Advantage
    - Leverage relationships with the IBM development labs to build deep technical skills and exploit the expertise of our developers
    - Combined expertise of Lab Services and the Training for Systems team
    - Skills can be deployed worldwide to assure client requests can be met
    Successful Worldwide History: 18 years in Americas; 10 years in Europe/Middle East/Africa; 6 years in Asia Pacific.
    Practice areas: Mainframe Systems; Power Systems; System Storage; IT Infrastructure Optimization; Data Center Services; Training Services.
    www.ibm.com/systems/services/labservices – stgls@us.ibm.com
  • 28. Leverage the skills and expertise of IBM's technical consultants to implement projects that achieve faster business value – IBM Systems Lab Services and Training
    - Ensure a smooth upgrade
    - Improve your availability
    - Design for efficient virtualization
    - Reduce management complexity
    - Assess your system security
    - Optimize database performance
    - Modernize applications for iPad
    - Deliver training classes & conferences
    How to contact us: email us at stgls@us.ibm.com; follow us at @IBMSLST; learn more at ibm.com/systems/services/labservices
  • 29. THANK YOU – www.ibm.com/security. © Copyright IBM Corporation 2015. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and / or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.