Downloaded 55 times
Uploaded byRui Miguel Feio
Implementation of RBAC and Data Classification onto a Mainframe system (v1.5)
The document outlines the implementation of Role-Based Access Control (RBAC) and data classification strategies by RSM Partners, emphasizing the importance of data ownership and compliance. It highlights challenges and benefits associated with data classification and RBAC, including reduced fraud risk and improved security management. The report concludes with contact details for further inquiries.
More Related Content
Similar to Implementation of RBAC and Data Classification onto a Mainframe system (v1.5)
![Security policy(DAS, MAS, PAS) model [in]](https://cdn.slidesharecdn.com/ss_thumbnails/lectureno05-260108015939-e0fede22-thumbnail.jpg?width=640&height=640&fit=bounds)
![Getting Started with Apache Spark: Big Data Made Simple [Free Meetup]](https://cdn.slidesharecdn.com/ss_thumbnails/apachesparkgettingstarted-260203175547-8361bcc3-thumbnail.jpg?width=640&height=640&fit=bounds)
Implementation of RBAC and Data Classification onto a Mainframe system (v1.5)
- 1. Implementation of RBACand Data Classification Steve Tresadern Rui Miguel Feio RSM Partners September 2014 v1.5
- 2. Agenda l Introductions l DataClassification & Ownership l Role-Based Access Control (RBAC) l Maintain the environment l Results l Q&A
- 3. Who are we? l Steve Tresadern l 27 years mainframe experience l Former z/OS Systems Programmer l Experience in Cryptography, RACF, Compliance l Rui Miguel Feio l 15 years mainframe experience l Experience in z/OS, RACF, zSecure, Development l Last 4 years working in Security and implementing RBAC
- 4.
- 5. Data Classification –What is it? l Understanding what your data is Credit Card 11% Sarbanes Oxley 36% Customer - Confidential 16% Development 23% User 14%
- 6. Data Classification –What is it? l Who owns your data Credit Card 7% Insurance 22% HR 13% Branch 27% Systems 9% Development 14% User 8%
- 7. Data Classification –Reasons to do it l Audit requirements l Compliance l Who has privileged access? l Who is accessing confidential information? l Reduce the risk of fraud?
- 8. Data Classification –Aims l Every dataset and resource profile must be; l Classified in terms of confidentiality and integrity. l All linked to an application. l The basic security correctly defined l Understand who has privileged access l All applications have a business/data owner. l Ideally they should approve all access l Review who has access
- 9. Sources for DataClassification RACF Database Naming Standards Access Monitor Support Teams Local Knowledge XBridge Datasniff
- 10. Sources for DataOwnership Data Ownership RACF Database Service Management Support Teams Service Database Local Knowledge
- 11. Data Classification –Challenges l Lack of knowledge in support teams l Development Team Processes l Business areas cooperation l Non-RACF based security l Unravelling of the environment l Service Database – Up to date?
- 12. Data Classification Benefits Reduced Riskof Fraud Who has privileged access Focused Monitoring Recertification Audit Compliance
- 13.
- 14. RBAC – Reasonsto do it l Business organisation keeps changing l Managing the mainframe security environment l Audit requirements l Compliance l Recertification l Remove access not required
- 15. RBAC Common Challenges- I l Historical code l Global Access Table (GAT) l Lack of technical knowledge l Business areas cooperation l Least Privilege access implementation l DB2
- 16. RBAC Common Challenges- II l Recertification tools l Unravelling of the RBAC
- 17. RBAC – DefineStandards and Rules Personal userid connected to one role group Role group describes the business role Role group contains all the access All role groups will have an ‘owner’ Define RBAC Rules
- 18. RBAC - Sourcesof data Sources HR Data RACF Business Org. Chart Phone List Global Address List Local Knowledge Access Monitor
- 19. RBAC Stages –An overview Update/Develop Processes Implement RBAC Test RBAC implementation Devise RBAC implementation plan Engage with managers and users Identify logical grouping Analyse and prepare mainframe environment
- 20. RBAC Implementation Tools l RSM RBAC tool l RSM DB2 RBAC Tools l Access Monitor data l RACF Offline l CARLa code
- 21. RBAC Benefits –Some examples Reduced Risk Fraud Security Management Joiners Movers Leavers Recertification Audit Monitor Who is who Who does what Least Privilege Access
- 22.
- 23. Tools – Maintainthe environment l In-House – Security Panels l IBM zSecure Command Verifier l IBM zSecure z/Alert l RSM - zMonitor l RSM – zDashboard
- 24. Tools – RSMzMonitor
- 25. Tools – RSMzDashboard
- 26.
- 27. Reduction in PrivilegedAccesses 73,669 737,468 0 200,000 400,000 600,000 800,000 After Before
- 28. Reduction in PrivilegedUsers 4,347 12,949 0 2,000 4,000 6,000 8,000 10,000 12,000 14,000 After Before
- 29.
- 30. Contact Details l RuiMiguel Feio - ruif@rsmpartners.com l Steve Tresadern - stevet@rsmpartners.com l RSM Partners - www.rsmpartners.com