IBM i remains one of the most securable servers, but poor configuration and missing controls can result in undetected data access, fraud, or worse.
The only study focused exclusively on IBM i security found gross lapses in configuration, controls, and auditing - across all surveyed systems.
Information security management guidance for discrete automation | johnnywess
This document summarizes guidance for establishing an information security management program for industrial automation departments. It finds that while standards and guidance are now readily available, implementing a comprehensive security program requires extensive cross-functional collaboration. None of the publications can be implemented alone by automation departments due to their complexity and need for interdepartmental expertise in areas like risk assessment and network segmentation. Effectively addressing vulnerabilities will require integrating security practices with existing organizational processes and acquiring new technical knowledge across roles.
Model for Identifying the Security of a System: A Case Study of Point Of Sale... | IOSR Journals
This document presents a model for identifying security requirements of a system during the requirements analysis phase. The model uses use case diagrams along with security questionnaires tables. A use case diagram depicts the functional requirements and interactions between actors and the system. The proposed model adds a security questionnaires table for each use case/process in the diagram to identify related security requirements. The document implements the model on a point of sale system case study, presenting sample security questionnaires tables for the login, add product, and view product processes. The tables contain security-related questions to address during requirements. The model aims to incorporate security early in development to avoid later issues.
Revealing the 2016 State of IBM i Security | HelpSystems
The 2016 State of IBM i Security Study reveals exclusive information about what tools and strategies organizations are using to secure IBM i—and where they’re leaving the platform vulnerable. Get a first look at the results here, and download the full report to learn more: bit.ly/1SoAuNs
Don’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadar | IBM Security
View on demand: https://securityintelligence.com/events/dont-drown-in-a-sea-of-cyberthreats/
Security teams can be overwhelmed by a sea of vulnerabilities–without the contextual data to help them focus their efforts on the weaknesses that are most likely to be exploited. Cyberthreats need to be stopped before they cause significant financial and reputational damages to an organization. You need a security system that can detect an attack, prioritize risks and respond within minutes to shut down an attack or vulnerability that could compromise your endpoints and data.
Join this webinar and learn how IBM BigFix seamlessly integrates with IBM QRadar to provide accelerated risk prioritization and incident response to mitigate potential attacks giving you an integrated threat protection system to keep your corporate and customer data secure.
Avoiding the Data Compliance "Hot Seat" | IBM Security
View on demand: http://event.on24.com/wcc/r/1059973/D8BA686B6DACA4DB5A43CC08BD4BBDFC
Audits can occur at any time; do you know where your personal and corporate sensitive data resides? Do you have the right measures in place to protect it? You need to be prepared to answer questions about roles and responsibilities in your organization, such as:
- Do you have documentation about who needs to do what?
- Do you have well-defined roles, responsibilities and processes for data security operations, auditing and managing compliance and policy mandates?
- Do you have evidence that you are following these processes and procedures?
Join this webcast to learn how you can take control with automated data security to cost-effectively address regulations, avoid fines and stay out of the hot seat.
The IBM Security Client References Guide includes summary slides of IBM clients across various industries that have successfully implemented solutions from the IBM Security Portfolio.
This is the product and services portfolio of IBM Security, which is one pillar of the IBM CAMSS strategy. Products in the portfolio are still moving during early 2015 due to IBM's re-portfolio. However, it will be categorized into 2 major parts.
1) IBM Security Products : all security software and appliances
2) IBM Security Services : all security services, including Cloud security.
Emergency Response How to Identify and Resolve Security Risks | IBM Security
This document discusses how to prepare for emergency response situations, particularly when responding to security incidents in remote locations with limited resources. It notes that incident responders may face bandwidth limitations, inability to access RAM or ship forensic data, impacts from time zone differences, and lack of trained system administrators. The document provides recommendations such as minimizing data transfers, planning for RAM inaccessibility, aggregating requests to system administrators, and ensuring first responders have basic investigatory skills.
3 Enablers of Successful Cyber Attacks and How to Thwart Them | IBM Security
View On Demand Webinar: http://event.on24.com/wcc/r/1034047/290050B65FF5D6C0727ABDA9E60203CB
The traditional approaches used to fight cybercrime simply aren’t effective anymore. During Advanced Persistent Threats (APTs) and targeted attacks, the attacker uses a myriad of tools and techniques to breach an organization’s network, steal sensitive information and compromise its operations.
Vulnerable endpoints, careless users and advanced evasive malware represent three enablers to successful attacks. Users and endpoints have become the front-line in the ongoing war against cyber-crime. A new approach is needed to win the war.
In this on demand webinar, we will examine the different ways cybercriminals target end users and why enterprises have failed to protect against advanced threats. We will introduce a new preemptive approach that redefines endpoint protection with multi-layered security controls and integrated management that represent a unified ecosystem for endpoint control.
Join us to learn:
- How to thwart the three enablers that allow hackers to compromise endpoints
- Why a unified endpoint protection and management strategy is needed
- How IBM BigFix and IBM Trusteer Apex provide integrated endpoint security
This document discusses security trends facing organizations and IBM's security strategy and capabilities. Key points include:
- Sophisticated attackers are finding new ways to breach security like SQL injection and watering hole attacks. Data breaches increased 500% from 2011-2013.
- New technologies like cloud and mobile introduce new risks as traditional security practices become unsustainable. Skills shortages also challenge security.
- Identity has become the new perimeter and a key focus as it is the first line of defense. Context-aware identity and access management is needed.
- IBM's security strategy focuses on delivering intelligence, integration, and expertise across frameworks addressing advanced threats, cloud, mobile, compliance, and skills shortages.
10 Security Essentials Every CxO Should Know | IBM Security
View On Demand Webinar: http://event.on24.com/wcc/r/1060940/3EBB3C7D778564710E957F99AF1D7C1B
How comprehensive is your security program? Organizations today are reliant on technology more than ever to achieve competitive advantage. Whether it is growing your brand, automating a supply chain or moving to cloud and mobile, technology is the lifeblood of business. This shift in reliance also brings cyber threats that must be addressed.
Based on extensive experience, IBM has established 10 Essential Practices for a comprehensive security posture. Join Glen Holland, Global Practice Lead of SAP Security Services, to hear about the key imperatives that can help you understand and address these threats and protect the business.
In this on demand webinar, you will learn:
- The 10 security essentials and best practices of today’s security leaders
- How to assess your security maturity
- Where your critical gaps lie and how to prioritize your actions
Life on the Endpoint Edge: Winning the Battle Against Cyber Attacks | IBM Security
View On Demand Webinar: https://securityintelligence.com/events/life-on-the-endpoint-edge-winning-the-battle-against-cyber-attacks/
The perimeter – the boundary that encloses what you need to protect – was once a fixed value. Now your perimeter is wherever your endpoints are—from on-site servers at your headquarters, to employee devices connecting remotely around the globe. That picture is further complicated by the increasing types of devices that comprise your perimeter: point-of-sale systems (POS), ATMs, remote servers and even that ‘yet-to-be-invented device’ (that your boss will probably want on your network the week it’s released).
With cyber-attacks and vulnerabilities increasing in number and sophistication, how do you ensure endpoints in your organization are immunized against a potential breach while dealing with reduced budgets and limited resources?
View this on-demand webinar to learn about the state of endpoint security and how it is evolving to keep pace with attackers looking to exploit any gap in your perimeter.
This document discusses implementing IT security controls and the behavioral aspects of managing insider threats. It summarizes research showing that technical controls alone cannot solve security issues as they are also social and organizational problems. Later research applied a systems dynamics model and signal detection theory to observe behavioral risks, finding that information workers and security officers use experience and thresholds to decide when to investigate anomalies. Training staff on security tools and awareness was found to significantly reduce insider attacks. A 2010 framework addressed insider threats by considering the organization, individual, IT systems, and environment.
Linda Lopez Resume 20170130 IT Security | Linda Lopez
Linda Lopez has over 20 years of experience in IT security, compliance, and application engineering. She has a proven track record of increasing security and reducing risk and costs at previous employers. Her core competencies include application, infrastructure, and data security compliance, Oracle application engineering, and business process reengineering. She holds certifications in CISA, MCSE, and MCP.
An international energy company analyzed billions of events per day using IBM's QRadar SIEM and QFlow solutions to reduce that number to around 20-25 events that needed investigation. A financial information provider used these same solutions to help identify subtle threats and fraud indicators. A credit card firm deployed QRadar SIEM to gain better visibility into current threats and reduce costs compared to its previous solution. A payments processor implemented QRadar SIEM and IBM Network IPS to achieve PCI compliance and exceed regulatory requirements. A fashion designer later used evidence from QRadar SIEM in court against an employee who was downloading and deleting files.
The document provides a system security plan for the <INSERT SYSTEM NAME> system. It contains 3 sections - an executive summary, system description and overview of security controls. The executive summary introduces the system security plan and provides a high-level summary of the <INSERT SYSTEM NAME> system, including that it is categorized as moderate impact and supports <INSERT ENVIRONMENT SUPPORTED>. The system description section provides details on the system technical environment, software, hardware and interconnections. The security controls section identifies which NIST 800-53 controls have been met, partially met, not met or are not applicable for the system.
This document discusses self-healing systems. It defines self-healing systems as systems that can understand when they are not operating correctly and restore themselves without human intervention. The document then discusses autonomic computing, which aims to create computer environments that can automatically detect and adjust to issues. Key elements of autonomic computing systems are described, including the autonomic control loop of collecting information, analyzing it, planning a response, and acting. The document also outlines characteristics of autonomic computing and categories related to self-healing systems like fault models, system responses, system completeness, and design context. Security implications of self-healing systems are also mentioned.
Comprehensive risk management for a cyber secure organization | Joe Hessmiller
This document discusses the need for comprehensive risk management and automation for cyber security. It makes three key points:
1. Security is a process that requires monitoring across physical, technical and administrative controls to be effective. Comprehensive monitoring of vulnerabilities and threats is needed.
2. Automation is key to continuously monitoring for vulnerabilities and threats, and to modifying security behaviors through persistent enforcement and reinforcement of practices.
3. An effective approach is to automate information security "ensurance" through a system that incorporates both technical ("hard") data from security systems and human ("soft") feedback to provide comprehensive security assessment and reinforcement of policies to change behaviors.
Automation of Information (Cyber) Security by Joe Hessmiller | Joe Hessmiller
The focus is on physical and logical security vulnerabilities. Yes, locks and malware sandboxes are important. BUT, the biggest potential risk comes from inside. From the people who can - intentionally or unintentionally - expose the organization to the greatest risks. This presentation is about automating the process to control those risks.
Hp It Performance Suite Customer Presentation | esbosman
This document discusses the HP IT Performance Suite, which provides tools to help organizations optimize IT performance. It includes an Executive Scorecard that gives business leaders visibility into key IT performance metrics. The suite also features modules for strategy, planning, application development, operations management, and security. HP professional services help customers implement the suite through workshops, consulting, training, and support services. The goal is to help IT organizations and CIOs "perform better" by improving areas like operations, innovation, cost management, and agility.
This document discusses IBM's QRadar User Behavior Analytics product for detecting insider threats and risks. It provides an agenda for the presentation which includes discussing challenges around insider threats, IBM UBA capabilities using machine learning, and IBM's integrated approach to insider threat protection. It also includes a case study example of how IBM implemented its solution for a global pharma client to help address concerns around the impact of a major reorganization on employee morale.
E Mail Security Solution Industry Report PowerPoint Presentation Slides | SlideTeam
If your company needs to submit an E Mail Security Solution Industry Report PowerPoint Presentation Slides look no further. Our researchers have analyzed thousands of proposals on this topic for effectiveness and conversion. Just download our template, add your company data and submit to your client for a positive response. https://bit.ly/2WGv4Je
Symantec Endpoint Protection utilizes both reputation-based analysis and real-time behavioral monitoring technology to detect and block known and unknown malware. It has consistently received the highest AAA rating over four years for successfully stopping threats while allowing legitimate software installation and use. Performance tests also show it has the best protection against online threats while imposing minimal impact on everyday work.
IRJET- Employee Task Management System with High Authentication | IRJET Journal
This document proposes an employee task management system with improved authentication security. The system allows administrators to assign tasks to employees, track attendance to calculate salaries and generate pay slips. It uses an implicit password authentication system where random security questions are generated during login. If the username, password and questions are correctly answered, an OTP is sent to the employee's email for verification. This provides higher security than existing systems. The system aims to accurately manage employee records and tasks while maintaining confidentiality of information.
QRadar & XGS: Stopping Attacks with a Click of the Mouse | IBM Security
View on-demand: https://securityintelligence.com/events/qradar-xgs-stopping-attacks-click-mouse/
As the tactics and techniques behind attacks continue to advance and evolve, organizations need a faster way to identify and prevent those attacks in real time. An integrated approach to security can make this a reality, especially when integrations are designed to proactively disrupt the lifecycle of advanced attacks through shared security intelligence and enabling organizations to take immediate action based on that intelligence.
In this session you will learn how IBM QRadar Security Intelligence Platform and IBM Security Network Protection (XGS), a next-generation IPS, work together to disrupt the attack chain and improve network security.
Join IBM Security product expert Craig Knapik as he shares how the QRadar and XGS integration enriches overall security intelligence and improves threat detection, while enabling security professionals to block threats immediately with a simple click of the mouse.
This document summarizes a research paper on data security in distributed systems. It begins by defining distributed systems and client/server systems. It then discusses some of the general problems with data security management in these systems, such as unsecure login processes and users not changing passwords regularly. Finally, it proposes a model for an access security system for distributed systems that includes an access security server with communication, session, and application layers to manage authentication, authorization, and access controls for users and systems.
Learn about the IBM i for Enterprise Businesses Quantifying the Value of Resilience. The IBM i operating environment has a longstanding track record of maintaining extremely high levels of availability, security and disaster recovery. Users routinely describe it as “highly stable, extremely robust, completely dependable, rock-solid” and comparable terms.
ISE 510 Final Project Scenario Background Limetree In.docx | christiandean12115
ISE 510 Final Project Scenario
Background
Limetree Inc. is a research and development firm that engages in multiple research projects with the
federal government and private corporations in the areas of healthcare, biotechnology, and other
cutting-edge industries. It has been experiencing major growth in recent years, but there is also a
concern that information security lapses are becoming rampant as the company grows. Limetree Inc. is
working to establish a strong reputation in the industry, and it views a robust information security
program as part of the means to achieving its goal. The company looks to monitor and remain compliant
with any regulation impacting its operations.
Limetree Inc. recently experienced a security breach; it believes confidential company data has been
stolen, including personal health information (PHI) used in a research study. Limetree Inc. believes the
breach may have occurred because of some security vulnerabilities within its system and processes.
Limetree Inc.’s virtual environment is presented in the Agent Surefire: InfoSec educational video game.
The rest of the environment is presented via an interview with the security manager, Jack Sterling.
Highlight of Interview with Jack Sterling
Interview with Jack Sterling revealed the following about Limetree Inc.’s system and processes:
Hardware/Software:
Desktop Apps: Internet Explorer, Firefox, Google Chrome, MS Office, Adobe Flash, Adobe Acrobat
Applications/Databases:
Browser – Browser in use is Internet Explorer and browser security setting was set to low.
Browsers allow remote installation of applets, and there is no standard browser for the
environment.
Virus Software – McAfee is deployed locally on each user's machine and users are mandated to
update their virus policy every month.
SQL Database – Ordinary users can escalate privilege via SQL Agent. Disk space for SQL database
log is small and is overwritten with new information when it is full. Limetree Inc. is not using any
encryption for sensitive data at rest within the SQL server environment.
Network:
The network comprises the following: three web/applications servers, three email servers, five file and
printer servers, two proxy servers, seven remotely manageable Cisco switches, 250 desktops, three
firewall devices, one gateway (router) device to the internet, and three wireless access points.
Configuration Highlights:
Wireless – Wireless network is available with clearly advertised SSID, and it is part of the local
area network (LAN). There is no segmentation or authentication between the wireless and wired
LAN. Visitors are provided access code to the wireless network at the front desk to use the
internet while they wait to be attended to.
Managed switches – There is no logging of network activities on any of the switches.
Web server – Public-facing web server is part of the LAN. This is where internet users get
needed .
Comprehensive risk management for a cyber secure organization - Joe Hessmiller
This document discusses the need for comprehensive risk management and automation for cyber security. It makes three key points:
1. Security is a process that requires monitoring across physical, technical and administrative controls to be effective. Comprehensive monitoring of vulnerabilities and threats is needed.
2. Automation is key to continuously monitoring for vulnerabilities and threats, and to modifying security behaviors through persistent enforcement and reinforcement of practices.
3. An effective approach is to automate information security "ensurance" through a system that incorporates both technical ("hard") data from security systems and human ("soft") feedback to provide comprehensive security assessment and reinforcement of policies to change behaviors.
Automation of Information (Cyber) Security by Joe Hessmiller - Joe Hessmiller
The focus is on physical and logical security vulnerabilities. Yes, locks and malware sandboxes are important. BUT, the biggest potential risk comes from inside. From the people who can - intentionally or unintentionally - expose the organization to the greatest risks. This presentation is about automating the process to control those risks.
Hp It Performance Suite Customer Presentation - esbosman
This document discusses the HP IT Performance Suite, which provides tools to help organizations optimize IT performance. It includes an Executive Scorecard that gives business leaders visibility into key IT performance metrics. The suite also features modules for strategy, planning, application development, operations management, and security. HP professional services help customers implement the suite through workshops, consulting, training, and support services. The goal is to help IT organizations and CIOs "perform better" by improving areas like operations, innovation, cost management, and agility.
This document discusses IBM's QRadar User Behavior Analytics product for detecting insider threats and risks. It provides an agenda for the presentation which includes discussing challenges around insider threats, IBM UBA capabilities using machine learning, and IBM's integrated approach to insider threat protection. It also includes a case study example of how IBM implemented its solution for a global pharma client to help address concerns around the impact of a major reorganization on employee morale.
E Mail Security Solution Industry Report PowerPoint Presentation Slides - SlideTeam
If your company needs to submit an E Mail Security Solution Industry Report PowerPoint Presentation Slides, look no further. Our researchers have analyzed thousands of proposals on this topic for effectiveness and conversion. Just download our template, add your company data and submit to your client for a positive response. https://bit.ly/2WGv4Je
Symantec Endpoint Protection utilizes both reputation-based analysis and real-time behavioral monitoring technology to detect and block known and unknown malware. It has consistently received the highest AAA rating over four years for successfully stopping threats while allowing legitimate software installation and use. Performance tests also show it has the best protection against online threats while imposing minimal impact on everyday work.
IRJET- Employee Task Management System with High Authentication - IRJET Journal
This document proposes an employee task management system with improved authentication security. The system allows administrators to assign tasks to employees, track attendance to calculate salaries and generate pay slips. It uses an implicit password authentication system where random security questions are generated during login. If the username, password and questions are correctly answered, an OTP is sent to the employee's email for verification. This provides higher security than existing systems. The system aims to accurately manage employee records and tasks while maintaining confidentiality of information.
QRadar & XGS: Stopping Attacks with a Click of the Mouse - IBM Security
View on-demand: https://securityintelligence.com/events/qradar-xgs-stopping-attacks-click-mouse/
As the tactics and techniques behind attacks continue to advance and evolve, organizations need a faster way to identify and prevent those attacks in real time. An integrated approach to security can make this a reality, especially when integrations are designed to proactively disrupt the lifecycle of advanced attacks through shared security intelligence and enabling organizations to take immediate action based on that intelligence.
In this session you will learn how IBM QRadar Security Intelligence Platform and IBM Security Network Protection (XGS), a next-generation IPS, work together to disrupt the attack chain and improve network security.
Join IBM Security product expert Craig Knapik as he shares how the QRadar and XGS integration enriches overall security intelligence and improves threat detection, while enabling security professionals to block threats immediately with a simple click of the mouse.
This document summarizes a research paper on data security in distributed systems. It begins by defining distributed systems and client/server systems. It then discusses some of the general problems with data security management in these systems, such as unsecure login processes and users not changing passwords regularly. Finally, it proposes a model for an access security system for distributed systems that includes an access security server with communication, session, and application layers to manage authentication, authorization, and access controls for users and systems.
Learn about the IBM i for Enterprise Businesses Quantifying the Value of Resilience. The IBM i operating environment has a longstanding track record of maintaining extremely high levels of availability, security and disaster recovery. Users routinely describe it as “highly stable, extremely robust, completely dependable, rock-solid” and comparable terms.
ISE 510 Final Project Scenario Background Limetree In.docx - christiandean12115
ISE 510 Final Project Scenario
Background
Limetree Inc. is a research and development firm that engages in multiple research projects with the federal government and private corporations in the areas of healthcare, biotechnology, and other cutting-edge industries. It has been experiencing major growth in recent years, but there is also a concern that information security lapses are becoming rampant as the company grows. Limetree Inc. is working to establish a strong reputation in the industry, and it views a robust information security program as part of the means to achieving its goal. The company looks to monitor and remain compliant to any regulation impacting its operations.
Limetree Inc. recently experienced a security breach; it believes confidential company data has been stolen, including personal health information (PHI) used in a research study. Limetree Inc. believes the breach may have occurred because of some security vulnerabilities within its system and processes.
Limetree Inc.’s virtual environment is presented in the Agent Surefire: InfoSec educational video game. The rest of the environment is presented via an interview with the security manager, Jack Sterling.
Highlight of Interview with Jack Sterling
Interview with Jack Sterling revealed the following about Limetree Inc.’s system and processes:
Hardware/Software:
Desktop Apps: Internet Explorer, Firefox, Google Chrome, MS Office, Adobe Flash, Adobe Acrobat
Applications/Databases:
Browser – Browser in use is Internet Explorer and browser security setting was set to low. Browsers allow remote installation of applets, and there is no standard browser for the environment.
Virus Software – McAfee is deployed locally on each user's machine and users are mandated to update their virus policy every month.
SQL Database – Ordinary users can escalate privilege via SQL Agent. Disk space for SQL database log is small and is overwritten with new information when it is full. Limetree Inc. is not using any encryption for sensitive data at rest within the SQL server environment.
Network:
The network comprises the following: three web/applications servers, three email servers, five file and printer servers, two proxy servers, seven remotely manageable Cisco switches, 250 desktops, three firewall devices, one gateway (router) device to the internet, and three wireless access points.
Configuration Highlights:
Wireless – Wireless network is available with clearly advertised SSID, and it is part of the local area network (LAN). There is no segmentation or authentication between the wireless and wired LAN. Visitors are provided access code to the wireless network at the front desk to use the internet while they wait to be attended to.
Managed switches – There is no logging of network activities on any of the switches.
Web server – Public-facing web server is part of the LAN. This is where internet users get needed .
Don't Risk Your Reputation or Your Mainframe: Best Practices for Demonstratin... - IBM Security
Mainframes host mission critical corporate information and production applications for many financial, healthcare, government and retail companies requiring highly secure systems and regulatory compliance. Demonstrating compliance for your industry can be complex and failure to comply can result in vulnerabilities, audit failures, loss of reputation, security breaches, and even system shut down. How can you simplify enforcement of security policy and best practices? How can you automate security monitoring, threat detection, remediation and compliance reporting? How can you demonstrate governance, risk and compliance on your mainframe? Learn how your modern mainframe can help you to comply with industry regulations, reduce costs and protect your enterprise while supporting cloud, mobile, social and big data environments.
View the full on-demand webcast: https://www2.gotomeeting.com/en_US/island/webinar/registration.tmpl?Action=rgoto&_sf=14
Bridging the Gap Between Your Security Defenses and Critical Data - IBM Security
View on-demand recording: http://securityintelligence.com/events/bridging-the-gap-between-your-security-defenses-and-critical-data/
Many organizations are struggling with the growing gap between the vulnerability of critical data and security defenses. You need visibility at all times to prevent external and internal database breaches. Your organization can't lose sight of the importance of the integrity of your data, including unauthorized changes and suspicious activity.
You will learn how combining the industry-leading security intelligence capabilities of IBM QRadar Security Intelligence Platform with the robust data security capabilities of IBM Security Guardium data activity monitor, organizations can gain actionable insights to reduce security risks at all layers and boost compliance across the enterprise.
In this live webinar, Sally Fabian, IBM Data Security Technical Specialist, will discuss:
- Architecture and integration points
- Real-time alerts and reporting
- Vulnerability assessments according to your risk score
- Security intelligence event log collection and analytics
- Actionable insights from security events
ISE 510 Final Project Scenario Background Limetree Inc. is a resea.docx - christiandean12115
ISE 510 Final Project Scenario Background Limetree Inc. is a research and development firm that engages in multiple research projects with the federal government and private corporations in the areas of healthcare, biotechnology, and other cutting-edge industries. It has been experiencing major growth in recent years, but there is also a concern that information security lapses are becoming rampant as the company grows. Limetree Inc. is working to establish a strong reputation in the industry, and it views a robust information security program as part of the means to achieving its goal. The company looks to monitor and remain compliant to any regulation impacting its operations.
Limetree Inc. recently experienced a security breach; it believes confidential company data has been stolen, including personal health information (PHI) used in a research study. Limetree Inc. believes the breach may have occurred because of some security vulnerabilities within its system and processes.
Limetree Inc.’s virtual environment is presented in the Agent Surefire: InfoSec educational video game. The rest of the environment is presented via an interview with the security manager, Jack Sterling.
Highlight of Interview with Jack Sterling
Interview with Jack Sterling revealed the following about Limetree Inc.’s system and processes:
Hardware/Software:
Desktop Apps: Internet Explorer, Firefox, Google Chrome, MS Office, Adobe Flash, Adobe Acrobat
Applications/Databases:
Browser – Browser in use is Internet Explorer and browser security setting was set to low. Browsers allow remote installation of applets, and there is no standard browser for the environment.
Virus Software – McAfee is deployed locally on each user's machine and users are mandated to update their virus policy every month.
SQL Database – Ordinary users can escalate privilege via SQL Agent. Disk space for SQL database log is small and is overwritten with new information when it is full. Limetree Inc. is not using any encryption for sensitive data at rest within the SQL server environment.
Network:
The network comprises the following: three web/applications servers, three email servers, five file and printer servers, two proxy servers, seven remotely manageable Cisco switches, 250 desktops, three firewall devices, one gateway (router) device to the internet, and three wireless access points.
Configuration Highlights:
Wireless – Wireless network is available with clearly advertised SSID, and it is part of the local area network (LAN). There is no segmentation or authentication between the wireless and wired LAN. Visitors are provided access code to the wireless network at the front desk to use the internet while they wait to be attended to.
Managed switches – There is no logging of network activities on any of the switches.
Web server – Public-facing web server is part of the LAN. This is where internet users get needed information on the company. The web servers are running the f.
Energy Sector Security Metrics - June 2013 - Andy Bochman
The US Congress, DHS and the man on the street say the grid is not secure enough. Well how do they know? How does anyone know how secure they are today? And how would one define how secure is secure enough? Unless we can begin to measure, we'll never be able to baseline, and never be able to road map to a demonstrable, more secure future state. So let's get started.
David Cass discusses the role of security and how best practices can be used to accelerate cloud adoption and success.
Learn more by visiting our Bluemix Hybrid page: http://ibm.co/1PKN23h
Speaker: David Cass (Vice President, Cloud and SaaS CISO)
Cutting Through the Software License Jungle: Stay Safe and Control Costs - IBM Security
View on demand webinar: http://event.on24.com/wcc/r/1064153/E59BB80AC2DB08E80C183ADB948A4899
If you’ve ever tried to reconcile the number of software licenses issued in your company against the number of licenses that are actually being used, you know it’s a jungle out there. In fact, one study uncovered that 85% of organizations are “accidental” software pirates, meaning they’re using more software than they paid for. In addition, many enterprises are facing unplanned and unbudgeted software license “true-up” bills from their vendors – that can cost millions of dollars. But you don’t have to. Join this webinar to get the facts and hack through the software licence jungle with IBM BigFix. We give you a consolidated, holistic view of the software you’ve deployed to help ensure audit compliance–and at the same time, help mitigate the threat of malicious software while effectively managing overall software spend.
Join this live webinar to learn how to:
- Discover all licensed and unlicensed software to pass more audits.
- Decrease software license costs by reducing the amount of unused or redundant software.
- Manage assets on hundreds -or hundreds of thousands- of Windows, Mac OS, Unix and Linux endpoints.
- Mitigate risk from malicious software including whitelist/blacklist filtering of inventory data.
Getting Started with IBM i Security: Securing PC Access - HelpSystems
This PowerPoint explains how to secure network access through PCs. Find out how well-known services like FTP and ODBC enable users to access sensitive data without oversight or restrictions. Exit programs and how you can use them to protect your organization are explained as well. Protect your system from unauthorized network access through readily available PC tools.
Java has a security model targeted at running applets and untrusted code, so you don’t need to worry about running your own code on your own servers, right? In fact, there are several vulnerability patterns that can affect server-side Java applications, and this presentation outlines some of the steps you should take to ensure that your server room is not compromised. It looks at the established techniques for enhancing your security and shows new technology from IBM that addresses several attack vectors.
Horizon Data Center Solutions provides secure, scalable infrastructure-as-a-service from its three tier III data centers. It offers solutions for global enterprises, US federal government agencies, and mid-market companies. Horizon completed stringent audits to receive an Authority to Operate from the US government, demonstrating its data security and compliance capabilities.
5 Things Your Security Administrator Should Tell You - HelpSystems
The IBM i operating system is lauded as one of the most secure available. Unfortunately, the truth is that many configurations result in shocking server vulnerabilities. If you have an interest in security or regulatory compliance, view this slideshow to learn about 5 important “secrets” that your administrator needs to be sharing with you.
Watch the on-demand webinar at HelpSystems.com.
http://www.helpsystems.com/powertech/events/recorded-webinars/5-things-your-administrator
Government Agencies Using Splunk: Is Your Critical Data Missing? - Precisely
Mainframes continue to run many critical applications for Government agencies, and if you’re a government agency using Splunk, the Mainframe is often a major blind spot.
Ironstream is the industry’s leading high-performance, cost-effective solution for forwarding critical security and operational machine data from the mainframe to Splunk.
View this 20 minute demo to learn how Ironstream can deliver:
• Healthier IT operations by correlating events across all your IT Infrastructure – increasing efficiency, insight and cost-savings
• Clearer, more precise security information with complete visibility into enterprise wide security alerts and risks for all systems, including mainframes
• Less complexity by breaking down silos and seamlessly integrating with Splunk for a single view of all your systems, with no mainframe expertise required
We also share how one federal law-enforcement agency used Ironstream to meet the ever-changing reporting requests from its auditors in order to prove compliance with information-security requirements.
This report deals with this cost/benefit equation. Specifically, it compares the IBM i 7.1 operating system deployed on Power Systems with two alternatives: use of Microsoft Windows Server 2008 and SQL Server 2008, and use of x86 Linux with Oracle Database 11g, both deployed on Intel-based servers.
CYB 610 Project 4 involves a collaborative team tasked with addressing cyber threats and exploitation against US financial systems. The team consists of representatives from financial services, law enforcement, intelligence, and homeland security. They will produce a Situational Analysis Report and After Action Report on a cyber attack involving distributed denial of service attacks and data exfiltration by a nation state actor. The collaboration between sectors is meant to leverage different skills and authorities to better defend critical infrastructure through information sharing and coordinated response.
IRJET-Managing Security of Systems by Data Collection - IRJET Journal
This document discusses managing system security through data collection. It proposes creating an application that collects security-related data from client systems on a network and stores it in a database server. This would allow monitoring the systems for intrusions or issues. The application would run in the background of each client system and collect configuration, software and activity data periodically to send to the database server. The collected data could then be analyzed to detect any unauthorized changes or suspicious activity on the client systems.
JavaOne2013: Securing Java in the Server Room - Tim Ellison - Chris Bailey
Java has a security model targeted at running applets and untrusted code, so you don’t need to worry about running your own code on your own servers, right? In fact, there are several vulnerability patterns that can affect server-side Java applications, and this presentation outlines some of the steps you should take to ensure that your server room is not compromised. It looks at the established techniques for enhancing your security and shows new technology from IBM that addresses several attack vectors.
This white paper examines how the Payment Card Industry Data Security Standard (PCI DSS) relates to IBM i servers and highlights when the PowerTech products can provide a solution to specific PCI requirements.
Automated Asset Tracking in the Data Center: How IBM Reduced the Time/Cost of... - Keith Braswell
This document discusses how IBM reduced the time and costs of tracking assets in their data centers by implementing an automated asset tracking system using RFID technology. It outlines the high costs of manual asset tracking processes, such as inventory collection, reconciliation of inaccurate records, and time spent locating misplaced assets. It then describes how IBM piloted an RFID-based solution across several of their data centers, which improved inventory accuracy from 71.8% to 99.7% and reduced reconciliation times by 80%. The system provided full asset visibility and analytics capabilities, and helped IBM optimize environmental monitoring to save $10,000 annually. IBM plans to deploy the smarter asset management solution across all of their global data centers over the next two years.
This white paper discusses how companies can use customer analytics to gain a better understanding of their customers and improve business outcomes. It recommends combining both structured and unstructured customer data from various sources to build rich customer profiles. This helps companies identify customer needs, improve experiences, increase loyalty and revenue. The paper provides examples of how companies have leveraged customer analytics to reduce costs, increase market share and optimize marketing without increasing spend.
Read this report for collective intelligence applications, such as: identifying new opportunities to differentiate your organization or serve new markets; tapping into outside skills and experiences to deliver on business imperatives; and predicting outcomes of today's increasingly complex business challenges.
The document discusses Platform-as-a-Service (PaaS) and insights from early adopters. It finds that Pioneers see greater strategic benefits from PaaS, like streamlining development and speeding time to market. They have overcome concerns about security and costs. While all have quality concerns, Pioneers address issues to leverage opportunities for innovation. Their experiences provide lessons for other organizations considering PaaS.
Healthcare systems often have many different legacy software systems that don't interact, leading to duplicate patient records and wasted time re-entering data. Master data management (MDM) creates a single unified patient record that can be accessed across different parts of a healthcare organization. MDM improves efficiency by reducing data entry and medical errors, while also enabling advanced analytics to improve patient outcomes.
3 guiding principles to improve data security - Keith Braswell
This document discusses the need for organizations to adopt a holistic approach to data security and compliance. It outlines three guiding principles: 1) Understand and define where sensitive data resides across the enterprise. 2) Secure and protect enterprise databases and monitor and audit data access. 3) Continuously monitor systems to demonstrate compliance to auditors. The document argues that a systematic, proactive approach is needed to address the growing threats to data security from sophisticated hackers, increased regulations, and the explosion of data sources and types in today's complex IT environments.
Building Production Ready Search Pipelines with Spark and Milvus - Zilliz
Spark is the widely used ETL tool for processing, indexing and ingesting data to serving stack for search. Milvus is the production-ready open-source vector database. In this talk we will show how to use Spark to process unstructured data to extract vector representations, and push the vectors to Milvus vector database for search serving.
What do a Lego brick and the XZ backdoor have in common? - Speck&Tech
ABSTRACT: At first glance, a Lego brick and the XZ backdoor might have in common the fact that both are building blocks, or dependencies of creative projects and software. The reality is that a Lego brick and the XZ backdoor case have much more than that in common.
Join the presentation to dive into a story of interoperability, standards and open formats, and then discuss the important role that contributors play in a sustainable open source community.
BIO: An advocate of free software and of standard, open formats. She has been an active member of the Fedora and openSUSE projects and co-founded the LibreItalia Association, where she was involved in several events, migrations and training related to LibreOffice. She previously worked on LibreOffice migrations and training courses for several public administrations and private organizations. Since January 2020 she has worked at SUSE as a Software Release Engineer for Uyuni and SUSE Manager, and when she is not pursuing her passion for computers and Geeko she cultivates her curiosity for astronomy (from which her nickname deneb_alpha derives).
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Pushing the limits of ePRTC: 100ns holdover for 100 days - Adtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
HCL Notes and Domino License Cost Reduction in the World of DLAU - panagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/
The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this!
We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model.
Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able to lower your cost through an optimized configuration and keep it low going forward.
These topics will be covered
- Reducing license cost by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how to best utilize it
- Tips for common problem areas, like team mailboxes, functional/test users, etc
- Practical examples and best practices to implement right away
How to Get CNIC Information System with Paksim Ga.pptx - danishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
GraphRAG for Life Science to increase LLM accuracyTomaz Bratanic
GraphRAG for life science domain, where you retriever information from biomedical knowledge graphs using LLMs to increase the accuracy and performance of generated answers
Programming Foundation Models with DSPy - Meetup SlidesZilliz
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc
How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024?
In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores.
See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe.
This webinar will review:
- The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey
- The top challenges for privacy leaders, practitioners, and organizations in 2024
- Key themes to consider in developing and maintaining your privacy program
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slackshyamraj55
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
1. 2013 State of IBM i Security Study
Presented by PowerTech,
A Division of Help/Systems
The PowerTech Group
www.powertech.com • info@powertech.com
INTRODUCTION
A star employee sits in her office, curled over her keyboard. It’s after 5,
but she’s still here. Coworkers assume a promotion is in the works and
admire her loyalty, but she’s got different motives.
She types a few characters and hits enter. No luck. Undeterred, she tries
a different combination of letters. Nothing…yet. The question isn’t when
will she gain access to sensitive IBM i data, the question is—
Will the security team catch her in time?
A breach like this might seem farfetched in the real world—where Power Systems™ servers
running IBM i maintain a solid reputation for impenetrable security. But the data from the
2013 State of IBM i Security Study proves these internal threats more possible than not.
The face of the cybercriminal is changing and any number of improper security controls—
allowing default passwords, not limiting sign on attempts, keeping inactive profiles—could
make their breach attempts successful.
While IBM i is one of the most securable servers, the prevailing use of incorrect or lax
configuration settings leaves it vulnerable to threats.
Even if you would personally vouch for the integrity of your staff, remember that SOX, PCI,
and other regulatory compliance auditors aren’t asking, “Would they?” or “Might they?”
but “Do they have the ability to?”
The annual State of IBM i Security study strives to help executives, IT managers, system
admins, and auditors understand the important IBM i security exposures and compliance
violations and how to correct them in the most efficient and economical way.
WHY THIS STUDY IS IMPORTANT
This year marks the 25th birthday of the AS/400, as well as the 10th anniversary
of the State of IBM i Security Study. From the AS/400 to iSeries, System i, and
finally Power Systems running IBM i, PowerTech has followed the evolution and
provided invaluable security insight from more than 1,700 servers worldwide.
The results from the 2013 study, and the universal nature of IBM i vulnerabilities,
lead us to conclude that if you have IBM i systems in your data center, your
organization might suffer from similar internal control deficiencies.
WHAT THIS STUDY MEANS FOR YOU
Your IBM i server likely runs your mission-critical business applications—and has
done so for 20 years or more—but the staff that set up server security may be long gone.
To complicate things, the integrated nature of many IBM i security controls has caused confusion
over who is responsible for the configuration—IBM, the customer, or the application
provider. As such, many systems operate with default settings due to lack of ownership.
You know an IBM i audit is long overdue, but you’re too busy grappling with:
• Knowledge gaps
• Overextended staff
• Lean IT budgets
Too often, IBM i security projects take a back seat to Windows and UNIX platforms due to the
perception that IBM i is less vulnerable.
Consequently, as the threat landscape looms ever greater, the administration of IBM i security
controls has lapsed and guards are down.
Now here’s the good news: The weaknesses identified through our assessments and documented
in this study are caused by poor or missing configurations that can—and should—be
corrected.
This study shows you the most common and dangerous IBM i security exposures; outlines how
to correct them; and explains how these relate to compliance legislation, industry regulations,
and IT guidelines and best practices.
THE POWER SYSTEMS LANDSCAPE
IBM introduced the AS/400 in 1988 as its computing system for small- and medium-sized companies.
Today, the Power Systems product line ranges from small servers with a single processor to
the Power 780 server, which can have up to sixteen POWER7+ processors with four cores each.
The IBM i community includes a large and loyal base throughout the world—with more than
380,000 systems estimated in production use. The PowerTech data was collected from a cross-section
of systems of varying sizes.
Companies in retail, financial, manufacturing, and distribution industries typically purchased
their Power Systems server as part of an integrated business system. Today more than 16,000
banks run their core banking and financial applications on an IBM i server.
Many retailers use financial applications that store credit card data on the system. Some of the
well-known software vendors that provide applications are:
• Oracle (JD Edwards ERP)
• Lawson/Intentia (Financials)
• Fiserv
• SAP
• IBM Domino
• IBM WebSphere
• Jack Henry (Core banking)
• INFOR (BPICS, MAPICS, Infinium, Infor ERP XA applications, PRISM)
• Manhattan Associates (Supply chain)
Given the mission-critical data stored on these systems, maintaining a secure configuration
should be a top priority.
METHODS
Using the Compliance Assessment™ (PowerTech proprietary software, which runs directly from
any network-attached PC without modifying IBM system settings), Power Systems running IBM
i (System i, iSeries, AS/400) are interrogated across six critical audit areas:
• Server-level security controls
• Profile and password settings
• Administrative capabilities
• Network-initiated commands & data access
• Public accessibility to corporate data
• System event auditing
After the analysis is complete, the anonymous security statistics are returned directly to one of
our servers. The software does not collect any application-specific data; therefore no information
is available regarding the purpose of the server. Participation in the study is optional.
For this year’s study, PowerTech reviewed data from 101 IBM i servers and partitions audited
between January and December of 2012. The organizations spanned a broad range of sizes
and industry verticals, including financial, healthcare, communications, education, and transportation.
As in previous years, this is not a random sample. The security officers or other staff at these
companies were concerned enough about IBM i security to request an assessment. This may
have resulted in a sample that is either unusually security-conscious or, at the other extreme,
knowingly deficient. Our experience leads us to believe the latter is closer to the norm.
We conduct many more assessments than are included in the study as the recipient of an
assessment may opt out from sharing their details. This means we have greater—albeit
private—insight into the industry statistics than the study reveals. Everything we see reinforces
the study sample.
Lastly, this is not a recurring study of the same systems so direct year-to-year comparisons
cannot be made. However, some general trends are discussed.
The average system assessed for the 2013 study has 1,082 users and 427 libraries. These
numbers are a bit higher than the median because there were several large servers in the
data sample (Table 1).
TABLE 1: AVERAGE SYSTEM SIZE
System Size       Average   Median
# of Users        1,082     499
# of Libraries    427       325
All assessed servers are running on supported versions of the OS. Although IBM has declared
support will end in September 2013, 41% of the servers remain on V5R4 (Figure 1).
Another 41% are on V6R1 and the remaining 18% are running IBM’s latest: V7R1.
FIGURE 1: INSTALLED VERSIONS OF IBM i
V5R4M0 (41%)* V6R1M0 (41%) V7R1M0 (18%)
* IBM support for V5R4 ends on September 30, 2013. IBM recommends direct migration to V7R1.
SYSTEM SECURITY
IBM i security best practices start with the configuration of numerous system values. Although
often undermined by other settings, the system security level (QSECURITY) sets the overall
tone. Documented vulnerabilities in security level 30 and below led IBM to recommend and ship
level 40 as the minimum. Unfortunately, 37% of servers are operating below this level.
Power Systems servers can be configured at one of five different security levels:
• Level 10 - No Security. No password required. User IDs are created for any user who
attempts to sign on. IBM no longer supports level 10.
• Level 20 - Password Security. Every user must have a valid ID and password. Every user
with a valid ID and password assumes root-level authority by default.
• Level 30 - Resource Security. Object-level authority is enforced as users do not assume
root-level authority by default. A moderately knowledgeable programmer or operator
can bypass resource level security and assume root-level authority.
• Level 40 - Operating System Security. Level 30 protection plus operating system integrity.
It is possible for an extremely knowledgeable programmer with access to your system to
elevate his or her level of authority, possibly as high as root-level authority.
• Level 50 - Enhanced Operating System Security. Level 40 protection plus enhanced
operating system integrity. A properly secured system at security level 50 is the best
defense. However, even at level 50, other system configuration issues must be addressed.
Figure 2 shows the distribution of security settings on the systems. Out of the 101 systems in
the 2013 dataset, 37% are running system security level 30 or lower.
FIGURE 2: SYSTEM SECURITY LEVEL (number of systems by system value QSECURITY)
Several other system values related to object restoration often remain at their shipped levels,
confirming a typical IBM i configuration of “load and go.”
The following three system values work consecutively to determine if an object should be
restored, or if it is to be converted during the restore:
• Allow Object Restore (QALWOBJRST)—Only 2% of servers have altered this system
value from its default *ALL setting.
This value controls whether programs with certain security attributes, such as system-state
and authority adoption, can be restored.
• Force Conversion on Restore (QFRCCVNRST)—97% of servers are running below the
recommended level of 3.
This value, preset at level 1, controls whether some types of objects are converted during
a restore.
• Verify Object on Restore (QVFYOBJRST)—97% of servers are running below the
recommended level of 3.
This value, preset at level 1, controls whether a signature will be validated when a digitally
signed object is restored.
Control Defect: Approximately one-third of the systems surveyed are not following the best
practice for overall system security as recommended by IBM and all independent experts.
Relevant COBIT Objectives:
PO2.3 Data Classification Scheme
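The check below is an added example, not part of the study or of PowerTech's Compliance Assessment software: it compares the four system values discussed in this section against the levels the study cites. The `NAME = VALUE` input format, the sample values, and the function names are assumptions made for the illustration.

```python
# Added example: baseline check for QSECURITY and the three restore-related
# system values. Thresholds come from the study text; the input format and
# the sample data are constructed for illustration.

RECOMMENDED_MIN = {
    "QSECURITY": 40,   # IBM recommends and ships level 40 as the minimum
    "QFRCCVNRST": 3,   # study: recommended level of 3 (shipped at 1)
    "QVFYOBJRST": 3,   # study: recommended level of 3 (shipped at 1)
}

# Constructed sample: a "load and go" system left at shipped restore defaults.
SAMPLE = """
# constructed sample, not real output
QSECURITY  = 30
QALWOBJRST = *ALL
QFRCCVNRST = 1
QVFYOBJRST = 1
"""

# Constructed sample: the same system after the values have been raised.
HARDENED = """
QSECURITY  = 40
QALWOBJRST = *NONE
QFRCCVNRST = 3
QVFYOBJRST = 3
"""


def parse_sysvals(text):
    """Parse 'NAME = VALUE' lines into a dict, ignoring blanks and # comments."""
    values = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or "=" not in line:
            continue
        name, value = line.split("=", 1)
        values[name.strip().upper()] = value.strip().upper()
    return values


def audit_sysvals(values):
    """Return (system value, current value, finding) tuples, sorted by name."""
    findings = []
    for name, minimum in RECOMMENDED_MIN.items():
        current = values.get(name)
        if current is None:
            findings.append((name, None, "not collected"))
        elif not current.isdigit():
            findings.append((name, current, "unexpected non-numeric value"))
        elif int(current) < minimum:
            findings.append((name, current, f"below recommended level {minimum}"))

    # QALWOBJRST can hold several keywords; only the shipped *ALL is flagged.
    allow = values.get("QALWOBJRST")
    if allow is None:
        findings.append(("QALWOBJRST", None, "not collected"))
    elif "*ALL" in allow.split():
        findings.append(("QALWOBJRST", allow, "still at shipped default *ALL"))

    return sorted(findings, key=lambda f: f[0])


if __name__ == "__main__":
    for label, text in (("sample", SAMPLE), ("hardened", HARDENED)):
        print(label)
        for name, current, finding in audit_sysvals(parse_sysvals(text)):
            print(f"  {name:<11} {current!s:<6} {finding}")
```

A value that was never collected is reported rather than assumed compliant, so a partial export cannot pass silently.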
POWERFUL USERS
IT professionals require special authorities to manage servers. In addition to changing system
configuration, these authorities may permit the ability to view or change financial applications,
customer credit card data, and confidential employee files.
In careless, misguided, or malicious hands, these special authorities can cause serious damage.
Because of the risk, auditors require you to limit the users who have these special authorities
and carefully monitor and audit their use.
There are eight types of special authority in IBM i (i5/OS, OS/400). Figure 3 shows
the average number of user profiles for each special authority.
FIGURE 3: POWERFUL USERS (SPECIAL AUTHORITIES)
Of all the special authorities, one provides the user with the unrestricted ability to view,
change, and delete every file and program on the system. As shown in Figure 3, *ALLOBJ
authority is granted to users in unacceptably high numbers.
IBM does not publish any documentation for the functions available with each of the special
authorities, which leads to resistance by IT to remove authorities for fear of “breaking” existing
operations.
While it is difficult to create a hard and fast rule for all environments, IBM i security experts agree
that the number of users with this special authority should be kept to the barest minimum.
In general, it’s best to keep the number of users with special authority to less than 10.
Only 3 of the systems reviewed have 10 or fewer users with *ALLOBJ authority. The most
frequently granted special authority is Spool Control (*SPLCTL) with more than 14% of users
carrying the capability to access any spooled file in any output queue without restriction.
Control Defect: Overwhelmingly the IBM i servers in this sample have too many profiles
with powerful authorities. In the hands of careless or disgruntled employees, this could
result in data loss, theft, or damage. Auditors check for the abuse of special authorities as
part of any standard IBM i audit. Even auditors who are not very familiar with the IBM i
environment are aware of this issue from other platforms.
Relevant COBIT objectives:
DS5.3 Identity Management
DS5.4 User Account Management
[Figure 3 axes: IBM i special authorities; number of user profiles]
“Best practices call for less than 10 users with special authorities.”
PASSWORD MANAGEMENT AND USER SECURITY
User and password security issues are critical because they represent the most obvious—
and most easily exploited—method to compromise your system.
Without proper user and password security measures in place, efforts to secure other areas
of an IBM i network are largely ineffective. How can you be sure that the user signed on is the
same user that the ID and password were assigned to?
Inactive Profiles
In this study, we also looked at the number of inactive profiles—profiles that have not been used
in the last 30 days or more. Inactive profiles create a security exposure because these accounts
are not actively maintained by their users and are prime targets for hijacking.
Figure 4 shows an average of 207 enabled profiles (19% of the total) have not signed on in the
past 30 days or more.
FIGURE 4: INACTIVE PROFILES
DEFAULT PASSWORDS
PowerTech checked for profiles that have a default password—where the password is the same
as the username. Because this is the default when new user profiles are created, it is a particularly
high-risk factor for IBM i servers.
In one interesting statistic in the study, nearly 4% of enabled user profiles have default passwords
(Figure 5). Half (51 out of 101) of the systems in the study have more than 30 user profiles
with default passwords. One system has 368 enabled user profiles with default passwords out
of 1,711 total users.
[Figure 4 vertical axis: number of profiles; series: all inactive profiles, enabled inactive profiles]
FIGURE 5: DEFAULT PASSWORDS
Many companies name their user accounts or profiles based on a standard format, such as first
name initial followed by surname (for example, jsmith or tjones). A hacker, or malicious employee,
can guess profile names like jsmith and try default passwords. It’s even easier for an employee
who understands the user profile convention to guess account names and try default passwords,
especially if they are aware of accounts that have been created, but not yet used.
Password Length
IBM i provides the capability to require a minimum length for passwords. Shorter passwords
may be easier to remember, but they’re also easier for others to guess. Figure 6 shows the
setting for the minimum password value on the systems reviewed. The vast majority have the
minimum length set to 6 characters or greater. However, regulatory compliance such as the
Payment Card Industry Data Security Standard (PCI DSS) requires longer passwords.
FIGURE 6: MINIMUM PASSWORD LENGTH
“Default passwords are a particularly high-risk factor. One IBM i system has 368 user profiles with default passwords out of 1,711 total users—over 20%.”
[Figure 5 series: all profiles with default passwords; all enabled profiles with default passwords. Vertical axis in Figures 5 and 6: number of systems. Figure 6 horizontal axis: system value QPWDMINLEN]
Other Password Settings
Several other features can ensure strict password control on an IBM i server, but
system administrators do not always use them. These settings help to make
passwords harder to guess, and increase the protection of your system. Some of
the more important password settings, and the study findings of their use, are:
• 55% of systems don’t require a digit in passwords.
• 28% of systems do not require passwords to differ from the
previous password.
• 30% of systems do not set an expiration time for passwords—
users are never forced to change their password.
While good password controls are important, a password expiration policy is equally important.
Best practice for a password expiration policy is to set the expiration interval at a maximum of
90 days. According to systems in our study, the average password expiration interval is 82 days.
However, 31% of the systems still have their default password expiration interval set to *NONE.
If your system is used for accounting or financial reporting, it’s best to set a shorter interval for
this default system value. Work with your auditors to determine the best policy for your system.
Invalid Sign On Attempts
This is another area worth closer examination. Many systems in our annual study had several
profiles with invalid sign on attempts. It happens to everyone from time to time. Passwords are
forgotten, mistyped, or simply mixed up with other passwords. Help desk personnel charged
with resetting these passwords often work with the same users over and over. How do you track
which users have multiple invalid sign on attempts? What if your powerful profiles are targeted?
A single invalid attempt, or even a handful of unsuccessful tries, may not be cause for concern.
But what if your system had one user profile with hundreds of invalid sign on attempts?
Consider the system in our study with 516,772 invalid sign on attempts.
Three, five, or even ten attempts are probably the sign of a frustrated user. Larger numbers
could indicate an intrusion attempt.
Numbers like 1,000, 15,000, or 700,000 are probably a sign of a broken application that doesn’t
have a built-in mechanism to identify invalid attempts.
The risk level increases significantly if the offending profile is determined to be, for example,
QSECOFR, and is not disabled automatically, or if the security team has no way to be notified of
failed access attempts in a timely manner.
It is worth noting that one of the opt-out compliance assessments reported 6.9 million sign on
attempts against one single profile. The obvious concern over this startling and repetitious sign
on activity is over-shadowed only by the fact that the organization was totally unaware of it.
“The PCI standard requires a minimum password length of at least 7 characters for compliance.”
Figure 7 shows the action taken when the maximum number of allowed sign on attempts is
exceeded. In 87% of cases, the profile is disabled and this is recommended. When using named
devices (as opposed to virtual device names) the recommendation is expanded to include
disablement of the device description. It is not recommended to disable virtual devices as the
system typically creates a new device when the user reconnects.
FIGURE 7: DEFAULT ACTION FOR EXCEEDING INVALID SIGN ON ATTEMPTS
Control Defect: Overall, the results show that password management procedures are
weak and many user IDs are vulnerable to identity theft. Figure 3: Powerful Users, shows
that there are an unacceptably high number of powerful user profiles.
What happens if a hacker or a disgruntled employee finds his or her way into an account
with *ALLOBJ authority?
Relevant COBIT Objectives:
DS5.3 Identity Management
DS5.4 User Account Management
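The triage below is an added example, not the study's tooling: it applies the 30-day inactivity definition and the invalid sign on ranges described above to a profile export, and ranks enabled profiles that also hold *ALLOBJ first. The CSV column names, the sample rows, and the scoring weights are assumptions constructed for the illustration.

```python
import csv
import io

# Thresholds taken from the study text.
INACTIVE_DAYS = 30      # "not been used in the last 30 days or more"
USER_ERROR_MAX = 10     # "three, five, or even ten attempts"
BROKEN_APP_MIN = 1000   # "numbers like 1,000, 15,000, or 700,000"

# Constructed sample export; the column names are assumptions for this example.
SAMPLE_CSV = """profile,status,days_since_signon,invalid_attempts,special_authorities
QSECOFR,*ENABLED,2,412,*ALLOBJ *SECADM *SPLCTL
JSMITH,*ENABLED,1,3,
TJONES,*ENABLED,187,0,*SPLCTL
BATCHFTP,*ENABLED,0,15000,
OLDADMIN,*ENABLED,400,25,*ALLOBJ
MBROWN,*DISABLED,90,0,
"""


def classify_attempts(count):
    """Map an invalid sign on count to the interpretation given in the study."""
    if count == 0:
        return "none"
    if count <= USER_ERROR_MAX:
        return "likely user error"
    if count < BROKEN_APP_MIN:
        return "possible intrusion attempt"
    return "likely broken application"


def triage(csv_text):
    """Return findings ordered by score (highest first), then profile name."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        enabled = row["status"] == "*ENABLED"
        days = int(row["days_since_signon"])
        attempts = int(row["invalid_attempts"])
        # *ALLOBJ is the authority the study singles out as unrestricted.
        powerful = "*ALLOBJ" in row["special_authorities"].split()

        reasons = []
        if enabled and days >= INACTIVE_DAYS:
            reasons.append("enabled but inactive")
        if attempts > USER_ERROR_MAX:
            reasons.append(classify_attempts(attempts))
        if not reasons:
            continue

        # Assumed weighting: an enabled *ALLOBJ profile outranks any other finding.
        score = len(reasons) + (2 if powerful and enabled else 0)
        findings.append({
            "profile": row["profile"],
            "score": score,
            "powerful": powerful,
            "reasons": reasons,
        })

    findings.sort(key=lambda f: (-f["score"], f["profile"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_CSV):
        flag = " [*ALLOBJ]" if f["powerful"] else ""
        print(f'{f["score"]} {f["profile"]}{flag}: {", ".join(f["reasons"])}')
```

Default passwords are not covered here because a profile export does not carry password data; that check has to run on the system itself.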
Data Access
On non-IBM i servers, users who are not granted permission to an object or task have no
authority. With IBM i, this is not the case.
Unless the user is granted a specific authority—granting or denying access—then the user will
be granted the default permission. This isn’t a problem unless we discover that the default
authority provides permission for a user to invoke a program and to read, change, and even
delete data from a file.
To reduce the risk of unauthorized program changes and database alterations, auditors recommend
that users should not be authorized to read or change production databases or source
code without a proven business requirement.
In this study, PowerTech uses the *PUBLIC access rights to libraries as a simple measurement
indicating how accessible IBM i data would be to the average end user.
Figure 8 details the level of access that *PUBLIC has to libraries on the systems in our study. If
*PUBLIC has at least *USE authority to a library, anyone who can log in to the system can get a
catalog of all objects in that library. Once a user gains access to a library, they may be able to
access the objects in the library. They may even be able to delete objects from the library if they
possess the necessary authority to the specific object.
*USE authority to a file means any user with FTP access can download (read) the data. The FTP
GET function or ODBC operations in tools like Microsoft Excel allow even a novice end user to
access your data.
*CHANGE authority to a library allows the user to place new objects in the library and to
change some of the library characteristics.
*ALL access allows anyone on the system to manage, rename, specify security for, or even
delete a library (if they have delete authority to the objects in the library).
FIGURE 8: *PUBLIC AUTHORITY TO DATA
Our findings demonstrate that IBM i shops still have far too many libraries accessible to the
average user. The statistics for DB2 libraries indicate a lack of adequate control over the data,
which often includes critical corporate financial information.
The method used to determine what authority *PUBLIC will have to newly created files and
programs typically comes from the library’s Default Create Authority (CRTAUT) parameter.
Figure 9 indicates that 17% of libraries reviewed have Default Create Authority set to *USE,
*CHANGE, or *ALL. However, more than 80% of libraries deferred the setting to the QCRTAUT
system value (*SYSVAL).
Figure 9A extends the library level assignment of *SYSVAL and reflects that the system value
typically remains at the shipped default of *CHANGE. In fact, not even a single system has been
configured to enforce the least-access requirement of common regulatory standards such as PCI.
This means that when new files and programs are created on these systems, the average user
automatically has change rights to the vast majority of those new objects. On these systems,
when anyone creates a new file in one of these libraries, *PUBLIC has the authority to read, add,
change, and delete data from the file. *PUBLIC also can copy data from, or upload data to, the
file, and even change some of the object characteristics of the file.
FIGURE 9: DEFAULT CREATE AUTHORITY BY LIBRARY
Control Defect: Overall, these results show that virtually every system user has access
to data far beyond their demonstrated need. Auditors typically look to ensure that the
company has adequate separation of duties and appropriate controls in place to
enforce the separation of duties.
Relevant COBIT Objective:
DS5.4 User Account Management
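The model below is an added example, not taken from the study: it resolves each library's Default Create Authority through *SYSVAL to the QCRTAUT system value and shows how that single value determines what *PUBLIC receives on newly created objects. Library names, the sample authorities, the status labels, and the *EXCLUDE comparison value are constructed assumptions.

```python
# Authority levels named in the study, weakest to strongest.
RANK = {"*EXCLUDE": 0, "*USE": 1, "*CHANGE": 2, "*ALL": 3}

# Constructed sample: (library, *PUBLIC authority to the library, library CRTAUT).
LIBRARIES = [
    ("PAYROLL",  "*USE",     "*SYSVAL"),
    ("ARDATA",   "*CHANGE",  "*SYSVAL"),
    ("GLDATA",   "*USE",     "*ALL"),
    ("HRSECURE", "*EXCLUDE", "*EXCLUDE"),
    ("DEVTOOLS", "*USE",     "*USE"),
    ("CARDDATA", "*EXCLUDE", "*SYSVAL"),
]


def resolve_crtaut(library_crtaut, qcrtaut):
    """Follow *SYSVAL to the QCRTAUT system value; otherwise use the library's own."""
    return qcrtaut if library_crtaut == "*SYSVAL" else library_crtaut


def review(libraries, qcrtaut):
    """Return (library, authority *PUBLIC gets on new objects, status) per library."""
    rows = []
    for name, public_aut, crtaut in libraries:
        new_obj = resolve_crtaut(crtaut, qcrtaut)
        if new_obj not in RANK or public_aut not in RANK:
            # Any other value (for example an authorization list) needs a manual look.
            rows.append((name, new_obj, "manual review"))
            continue
        reachable = RANK[public_aut] >= RANK["*USE"]   # *PUBLIC can get into the library
        writable = RANK[new_obj] >= RANK["*CHANGE"]    # new objects are public-changeable
        if reachable and writable:
            status = "exposed"
        elif writable:
            status = "latent"   # only the library-level *EXCLUDE stands in the way
        else:
            status = "ok"
        rows.append((name, new_obj, status))
    return rows


def summary(libraries, qcrtaut):
    """Count *SYSVAL deferrals and list the libraries in each risky status."""
    rows = review(libraries, qcrtaut)
    return {
        "deferred_to_sysval": sum(1 for _, _, c in libraries if c == "*SYSVAL"),
        "exposed": sorted(n for n, _, s in rows if s == "exposed"),
        "latent": sorted(n for n, _, s in rows if s == "latent"),
    }


if __name__ == "__main__":
    # Shipped default versus a least-access setting, side by side.
    for qcrtaut in ("*CHANGE", "*EXCLUDE"):
        print("QCRTAUT =", qcrtaut, summary(LIBRARIES, qcrtaut))
```

Create authority applies only when an object is created, so changing QCRTAUT or a library's CRTAUT leaves the authority on existing objects as it was.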
FIGURE 9A: *SYSVAL PROPERTIES
Network Access Control And Auditing
Over the years, IBM has extended the power of IBM i by adding tools that allow data to be
accessed from other platforms, especially PCs. Well-known services such as FTP, ODBC, JDBC,
and DDM are active and ready to send data across the network as soon as the machine is
powered on. Any user with a profile on the system and authority to the objects can access
critical corporate data on your Power Systems server.
Even when administrators do not purposely install data access tools on users’ PCs, end users
can access data using free tools downloaded from the internet or tools that are included with
other software loaded on their PCs. For example, Windows comes with FTP client software that
easily sends or retrieves data from an IBM i server.
Worse yet, the results from the Data Access area indicate that object-level authority is poorly
implemented on most systems. The combination of open access rights to data, overly powerful
users, and convenient tools to access the data from a PC, is a perfect storm of IBM i security
exposures.
Beyond data access, some TCP services permit the execution of server commands. The easily-accessed
FTP service enables commands to be run by all users—even those without command
line permission on their profile. This is still a shock to many system administrators and unknown
to many managers and auditors.
The statistics in Figure 10 show that REXEC is often not automatically started but that FTP is
almost always active and listening.
FIGURE 10: REXEC AND FTP AUTOSTART
FTP AUTOSTARTED? REXEC AUTOSTARTED?
To reduce this serious exposure, IBM provides interfaces known as exit points that allow administrators
to secure their systems. An exit program attached to an exit point can monitor and
restrict network access to the system. IBM i shops can write their own exit programs or purchase
packaged software to accomplish this task. Without exit programs in place, IBM i does
not provide any audit trail of user activity originating through common network access tools
such as FTP and ODBC.
An exit program should have two main functions: to audit access requests and to provide
access control that augments IBM i object-level security. The study assumes that all designated
exit programs satisfy all of these minimum requirements.
PowerTech reviewed 27 different network exit point interfaces on each system to check whether
an exit program is registered. Only 31% of the systems have any exit programs in place that
could potentially log and control network access (Figure 11).
Even on the systems with exit programs, coverage is often incomplete. Of the 31% of systems
with programs in place, 10% have only 1 registered exit program and only 6% have programs
registered to all of the network access exit points. The most common exit point covered is
ODBC (for initial connection only), followed by FTP Server.
FIGURE 11: EXIT PROGRAMS IN PLACE
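A real exit program is a compiled program registered to an exit point; the Python model below is an added illustration, not code from the study or from any PowerTech product, of the two functions an exit program should have (auditing every request and adding access control ahead of object-level security). The rule format, profile names, and paths are constructed for the example.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase


@dataclass(frozen=True)
class Request:
    user: str      # profile the network request runs under
    server: str    # "FTP", "ODBC", "REXEC", ...
    function: str  # "LOGON", "GET", "PUT", "RCMD", "SQL", ...
    target: str    # object path or command text


@dataclass(frozen=True)
class Rule:
    user: str
    server: str
    function: str
    target: str
    allow: bool


# Constructed policy. First matching rule wins; no match means reject.
RULES = [
    # Remote commands are refused for everyone: per the study, these
    # interfaces ignore the profile's command line restriction.
    Rule("*", "FTP", "RCMD", "*", False),
    Rule("*", "REXEC", "*", "*", False),
    Rule("*", "FTP", "LOGON", "*", True),
    Rule("OPS*", "FTP", "GET", "/reports/*", True),
    Rule("PAYAPP", "ODBC", "SQL", "PAYLIB/*", True),
]


def matches(rule: Rule, req: Request) -> bool:
    pairs = ((req.user, rule.user), (req.server, rule.server),
             (req.function, rule.function), (req.target, rule.target))
    return all(fnmatchcase(value, pattern) for value, pattern in pairs)


def decide(req: Request, rules: list, audit_log: list) -> bool:
    """Access control: return True to let the request proceed to normal
    object-level authority checking, False to reject it."""
    verdict, reason = False, "default deny"
    for number, rule in enumerate(rules, start=1):
        if matches(rule, req):
            verdict, reason = rule.allow, f"rule {number}"
            break
    # Auditing: every request is recorded, whether allowed or rejected.
    audit_log.append((req.user, req.server, req.function, req.target,
                      "ALLOW" if verdict else "REJECT", reason))
    return verdict
```

An allow verdict only hands the request on to object-level authority checking, so the rules narrow access and never widen it.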
Users with Command Line Access
The traditional way to control access to sensitive data and powerful commands was to limit
command line access for end users. And in the past, this method was effective.
In addition to configuring the user profile with limited capabilities, application menus controlled
how users accessed data and when they had access to a command line. However, as IBM allows
new interfaces and remote commands, this approach isn’t as sound as it used to be.
According to our 2013 results, 29% of users have command line access through traditional
menu-based interfaces. Of those 317 users, we found that 18% of the profiles are enabled.
Several network interfaces do not acknowledge the command line limitations configured in a
user profile and must be controlled in other ways. This means that users can run commands
remotely, even when system administrators have purposely taken precautions to restrict them
from using a command line.
Control Defect: Based on the broad *PUBLIC authority demonstrated in the Data Access
area, anyone on these systems can access data, commands, and programs without the
operating system keeping a record.
Even companies that have installed exit program solutions to protect their data frequently
neglect some of the critical access points. It appears that many companies in the IBM i
community are dangerously unaware of the wide-open network access problem. The lack
of monitoring and control of network access is a serious deficiency in many shops.
Relevant COBIT Objectives:
DS5.4 User Account Management
DS5.5 Security Testing, Surveillance, and Monitoring
System Auditing
One of the significant security features of IBM i is its ability to log important security-related
events into a tamper-proof repository. However, 12% of the systems reviewed are not using the
audit journal (Figure 12), indicating a very low level of scrutiny.
These systems are unable to review recent history to determine the source of critical security
events, such as:
• Who deleted this file?
• Who gave this user *ALLOBJ authority?
Although 88% (IBM i servers auditing their systems) is the best number we have seen in recent
years, there remains inconsistency in the types of events that are audited. Some configurations
suggest that auditing has been activated by High-Availability (HA) applications that must
replicate events to backup systems. Audit event types such as *AUTFAIL (Authority Failures)
are not required in an HA infrastructure and often identify that customers are not using the
auditing facility for security purposes.
When the Security Audit Journal is activated, the volume of data it contains is often so large
and the contents so cryptic, that most IT staff have trouble monitoring the logged activity with
the tools available in the operating system. A few software vendors provide auditing tools that
report on and review the system data that’s written to the Security Audit Journal. But, only 27%
of the systems in the PowerTech study have a recognizable tool installed.
Companies today are overwhelmed by the amount of reporting required to demonstrate
compliance with regulations such as Sarbanes-Oxley (SOX) and the Payment Card Industry
Data Security Standard (PCI DSS), yet it appears that very few of them take advantage of the
tools that are available to automate and simplify reporting tasks.
FIGURE 12: SYSTEMS USING THE IBM i AUDIT JOURNAL
Control Defect: On most of the systems surveyed, security violations could occur undetected.
Companies that use the Security Audit Journal are in a far better position than those that
don’t because, at any time, they can use an automated tool to sift through and interpret the
audit journal entries.
Given the voluminous amount of raw data that is collected in the IBM Security Audit
Journal, it’s not realistic to expect system administrators to manually review the logs
regularly. The job of filtering and analyzing massive amounts of complex raw data requires
software tools. A software auditing tool reduces the costs associated with compliance
reporting and increases the likelihood that this work will get done.
Relevant COBIT objectives:
DS5.5 Security Testing, Surveillance, and Monitoring
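The kind of filtering such a tool performs, as an added example that is not part of the study: it answers the two questions posed above ("Who deleted this file?", "Who gave this user *ALLOBJ authority?") and reports which of them a given QAUDLVL setting cannot answer at all. The CSV layout, profile names, and sample rows are constructed; AF, DO, and CP are the audit journal entry types for authority failures, object deletions, and user profile changes.

```python
import csv
import io

# Audit level that must be active in QAUDLVL before each entry type is
# written. Assumes the broad level values; adjust the mapping if your
# policy uses finer-grained levels.
LEVEL_FOR_TYPE = {"AF": "*AUTFAIL", "DO": "*DELETE", "CP": "*SECURITY"}

# Constructed extract of audit journal entries (not real data).
SAMPLE = """\
timestamp,type,user,object,detail
2013-03-04T09:12:44,CP,QSECOFR,JSMITH,SPCAUT=*JOBCTL
2013-03-04T17:50:02,CP,DEVLEAD,JSMITH,SPCAUT=*JOBCTL *ALLOBJ
2013-03-05T02:13:09,DO,JSMITH,PAYLIB/MASTER,*FILE
2013-03-05T02:14:30,AF,CLERK7,PAYLIB/RATES,*FILE
2013-03-06T08:00:00,CP,QSECOFR,JSMITH,SPCAUT=*JOBCTL *ALLOBJ
"""


def load(text):
    return list(csv.DictReader(io.StringIO(text)))


def blind_spots(qaudlvl):
    """Entry types that will never appear with this QAUDLVL value."""
    active = set(qaudlvl.split())
    return sorted(t for t, level in LEVEL_FOR_TYPE.items()
                  if level not in active)


def who_deleted(entries, obj):
    return [(e["timestamp"], e["user"]) for e in entries
            if e["type"] == "DO" and e["object"] == obj]


def allobj_grants(entries):
    """Report only the change that introduced *ALLOBJ on a profile, not
    every later change to a profile that already holds it."""
    holders, grants = set(), []
    for e in sorted(entries, key=lambda e: e["timestamp"]):
        if e["type"] != "CP":
            continue
        has_allobj = "*ALLOBJ" in e["detail"].partition("=")[2].split()
        if has_allobj and e["object"] not in holders:
            grants.append((e["timestamp"], e["user"], e["object"]))
        if has_allobj:
            holders.add(e["object"])
        else:
            holders.discard(e["object"])
    return grants
```

A QAUDLVL such as `*CREATE *DELETE *OBJMGT`, the replication-oriented pattern the study describes, leaves both AF and CP entries unrecorded, so the *ALLOBJ question cannot be answered from the journal.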
Conclusion
IBM Power Systems have long been perceived as one of the most secure platforms available.
But experts agree that IBM i security is only as effective as the policies, procedures, and
configurations put in place to manage it.
This study highlighted a number of common security exposures and configuration management
practices that must be addressed to protect the data on IBM i systems.
The study demonstrated that all organizations could improve the IT controls on their IBM i
server. In particular, there are six critical areas that warrant immediate inspection and action:
1. Powerful User Profiles—The control defect most readily recognized by both executives and IT
professionals is the unbridled and unmonitored power that some users have over system
applications and data. Auditors routinely cite this lack of control when auditing for separation
of duties in IBM i shops.
Recommendations:
• Document and enforce separation of duties for powerful users. Avoid having any one
all-powerful user, all the time.
• Monitor, log, and report on the use of powerful authorities. Be prepared to justify the use
of powerful authorities to auditors and managers.
• Implement a solution, such as PowerTech Authority Broker,™ to automatically monitor,
control, and audit users who need access to higher levels of authority.
• Monitor and secure the use of sensitive commands. PowerTech Command Security™ can
prevent unauthorized users from executing a monitored command.
2. User and Password Management—The integrity of user IDs and passwords is a critical
component of secure system access. Experienced system managers know that a little bit of
attention here can go a long way toward keeping systems secure.
Recommendations:
• Review user accounts on a regular basis to assure that each user’s access is appropriate
to their job responsibilities. Automating this step is essential if it is to become a regular
part of operations. PowerTech Compliance Monitor™ makes it easy to generate audit
reports on a regular basis that compare IBM i user and password information against policy.
• Use a profile management solution to maintain consistency of your user profiles across
systems. PowerTech PowerAdmin™ uses a template-based approach to manage user
profiles from a central management system.
• Establish and enforce password policies that make it difficult to compromise
a user’s account.
• Use IBM i system values that make passwords more difficult to guess.
• Eliminate passwords entirely by implementing a Single Sign On (SSO) solution based on
the Enterprise Identity Mapping (EIM) technology that is included in the operating system.
3. Data Access—System managers require better processes and tools to monitor and control
access to IBM i data.
Recommendations:
• Use the security capabilities of the IBM i OS. Where possible, secure data using resource-
level security to protect individual application and data objects.
• When it is not possible, or practical, to protect data with resource-level security, use exit
program technology to regulate access to the data. PowerTech Network Security™ is the
industry’s leading off-the-shelf exit program solution.
• Monitor changes to your database information. PowerTech DataThread™ creates before-
and-after snapshots of database changes and requires users to sign for changes, so you
can meet compliance requirements.
• Investigate how well your third-party software suppliers use operating system resource
level security. Seek assistance from the vendor in protecting application objects.
• Ensure that application libraries are secured from general users on the system. (Set the
System Value and Library values for Default Create Authority to the most restrictive
setting [*EXCLUDE].)
4. Network Access Control and Auditing—This is nonexistent in most IBM i shops, so both
authorized and unauthorized access occurs without accountability or traceability. IBM’s exit
point technology provides the ability to control and monitor network data access. However, the
study indicates that the adoption rate of exit points has not kept pace with the adoption rate of
network data access utilities.
Recommendations:
• Implement exit programs using PowerTech Network Security to monitor and control
users’ access through network interfaces such as ODBC and FTP.
• Review network data access transactions for inappropriate or dangerous activity.
• Establish clear guidelines for file download and file sharing permissions.
• Remove default DB2 access in tools like Microsoft Excel and IBM i Access (Client Access).
5. System Auditing—Given the volume of security-related transactions that occur on a system
in a typical day, tools are essential to quickly find the information that deserves your attention.
Recommendations:
• Use the IBM-supplied Security Audit Journal (QAUDJRN) to ensure that important events
are recorded in a non-alterable log.
• Implement PowerTech Compliance Monitor to simplify the task of reviewing audit logs for
relevant events such as object deletions, user ID promotions, and system value changes.
• Implement PowerTech Interact™ to include IBM i security data into your Security
Information & Event Management (SIEM) solutions that support ISS, CEF, or SYSLOG formats.
6. System Security Values—System values regulate how easy or difficult it is for an outsider to
use or abuse your system. Poorly configured or unmonitored system values are an unacceptable
security risk. Organizations that are unsure of the potential impact may want to consult with
IBM i security professionals before making changes, but a solution should be applied quickly.
Recommendations:
• Define and implement a security policy that incorporates the most secure settings your
environment will tolerate. (Seek professional expertise if you are unsure of the impact of
certain settings.)
• Download PowerTech’s free Open Source Security Policy to help you get started defining
your own policy.
• Run the System Values reports and scorecards in PowerTech Compliance Monitor on a
regular basis to ensure that your system settings match your policy.
Appendix I: COBIT
Organizations that start security projects quickly discover that legislation is vague when it
comes to IT security issues. Legislation seldom gives specific actionable recommendations
and never mentions specific platforms like Power Systems running IBM i.
Where should you look when evaluating your business-critical servers?
For SOX, the U.S. Securities and Exchange Commission (SEC) has ruled that management must
evaluate the company’s internal controls over financial reporting using an acceptable,
recognized control framework. This requirement for frameworks also applies to the Information
Technology (IT) arms of the organization. Some of the best known standards are COBIT, ISO
27002, and ITIL.
While there is no “golden standard,” most large audit firms now use COBIT as a generally
accepted standard for IT security and internal control practices. Several of the COBIT objectives
that are relevant to security compliance on IBM i servers are outlined here:
DS5.3 Identity Management
Ensure that all users (internal, external, and temporary) and their activity on IT systems
(business application, IT environment, system operations, development and maintenance)
are uniquely identifiable. Enable user identities via authentication mechanisms. Confirm that
user access rights to systems and data are in line with defined and documented business needs
and that job requirements are attached to user identities. Ensure that user access rights are
requested by user management, approved by system owners and implemented by the security
responsible person. Maintain user identities and access rights in a central repository.
Deploy cost-effective technical and procedural measures, and keep them current to establish
user identification, implement authentication and enforce access rights.
DS5.4 User Account Management
Address requesting, establishing, issuing, suspending, modifying, and closing user accounts and
related user privileges with a set of user account management procedures. Include an approval
procedure outlining the data or system owner granting the access privileges. These procedures
should apply for all users, including administrators (privileged users) and internal and external
users, for normal and emergency cases. Rights and obligations relative to access to enterprise
systems and information should be contractually arranged for all types of users. Perform
regular management review of all accounts and related privileges.
DS5.5 Security Testing, Surveillance, and Monitoring
Test and monitor the IT security implementation in a proactive way. IT security should be
reaccredited in a timely manner to ensure that the approved enterprise’s information security
baseline is maintained. A logging and monitoring function will enable the early prevention
and/or detection and subsequent timely reporting of unusual and/or abnormal activities that may
need to be addressed.
PO2.3 Data Classification Scheme
Establish a classification scheme that applies throughout the enterprise, based on the criticality
and sensitivity (e.g., public, confidential, top secret) of enterprise data. This scheme includes
details about data ownership, definition of appropriate security levels and protection controls,
and a brief description of data retention and destruction requirements, criticality, and
sensitivity. It should be used as the basis for applying controls such as access controls, archiving, or
encryption.
Appendix II: PowerTech Solutions
As the leading expert in IBM i security, PowerTech has developed an extensive line of powerful
solutions designed to address shortcomings in the operating system, provide advanced
functionality in access control and auditing, and ease the cost and burden of maintaining regulatory
compliance.
Table 2 outlines the available security modules and their purpose.
TABLE 2: POWERTECH’S COMPREHENSIVE SUITE OF SECURITY SOLUTIONS
Custom auditing and reporting
Access control by exit programs
Management of privileged users
Real-time security reporting
Real-time database monitoring
Command monitoring and control
Centralized user profile management
TEL USA: +1 253-872-7788
TOLL FREE: +1 800-915-7700
TEL UK: +44 (0) 870 120 3148
Copyright 2013. PowerTech is a registered trademark of Help/Systems, LLC. AS/400
and System i are registered trademarks of IBM. All other product and company names
are trademarks of their respective holders. C051SS3
About the Study Authors
PowerTech is the leading expert in automated security solutions for IBM Power Systems servers,
helping users manage today’s compliance regulations and data privacy threats. Our security
solutions are designed to save your valuable IT resources, giving you ongoing protection and
peace of mind.
Because Power Systems servers often host sensitive corporate data, organizations need to
practice proactive compliance security. As an IBM Advanced Business Partner with over 1,000
customers worldwide, PowerTech understands corporate vulnerability and the risks associated
with data privacy and access control. PowerTech security solutions are the corporate standard
for IBM i security at many major international financial institutions.
PowerTech is a division of Help/Systems, LLC and maintains its corporate headquarters in Eden
Prairie, Minnesota. Founded in 1996 by security experts, PowerTech has demonstrated a proven
commitment to the security and compliance market and leads the industry in raising awareness
of IBM i security issues and solutions.
• PowerTech is a member of the PCI Security Standards Council, a global open standards
body providing guidance to the Payment Card Industry Data Security Standard. PowerTech
works with the council to evolve the PCI DSS and other payment and data protection
standards.
• PowerTech is a member of the IBM i Independent Software Vendor (ISV) council.
• PowerTech publishes an Open Source Security Policy for IBM i as a part of its mission to
promote awareness of common security challenges and ensure the integrity and
confidentiality of IBM i data.
• PowerTech is authorized to issue continuing professional education (CPE) credits for
IBM i security education by the National Association of State Boards of Accountancy,
Inc. (NASBA).