Implementation of RBAC and Data Classification
Steve Tresadern
Rui Miguel Feio
RSM Partners
September 2014
v1.5
Agenda
• Introductions
• Data Classification & Ownership
• Role-Based Access Control (RBAC)
• Maintain the environment
• Results
• Q&A
Who are we?
• Steve Tresadern
  – 27 years mainframe experience
  – Former z/OS Systems Programmer
  – Experience in Cryptography, RACF, Compliance
• Rui Miguel Feio
  – 15 years mainframe experience
  – Experience in z/OS, RACF, zSecure, Development
  – Last 4 years working in Security and implementing RBAC
DATA CLASSIFICATION & OWNERSHIP
Data Classification – What is it?
• Understanding what your data is
Chart – data by classification:
  – Credit Card: 11%
  – Sarbanes Oxley: 36%
  – Customer - Confidential: 16%
  – Development: 23%
  – User: 14%
Data Classification – What is it?
• Who owns your data
Chart – data by owner:
  – Credit Card: 7%
  – Insurance: 22%
  – HR: 13%
  – Branch: 27%
  – Systems: 9%
  – Development: 14%
  – User: 8%
Data Classification – Reasons to do it
• Audit requirements
• Compliance
• Who has privileged access?
• Who is accessing confidential information?
• Reduce the risk of fraud?
Data Classification – Aims
• Every dataset and resource profile must be:
  – Classified in terms of confidentiality and integrity.
  – Linked to an application.
  – Given a correctly defined basic security setting.
• Understand who has privileged access.
• All applications have a business/data owner.
  – Ideally the owner should approve all access.
  – The owner should review who has access.
Sources for Data Classification
• RACF Database
• Naming Standards
• Access Monitor
• Support Teams
• Local Knowledge
• XBridge Datasniff
Sources for Data Ownership
• RACF Database
• Service Management
• Support Teams
• Service Database
• Local Knowledge
Data Classification – Challenges
• Lack of knowledge in support teams
• Development Team Processes
• Business areas cooperation
• Non-RACF based security
• Unravelling of the environment
• Service Database – Up to date?
Data Classification Benefits
• Reduced Risk of Fraud
• Who has privileged access
• Focused Monitoring
• Recertification
• Audit
• Compliance
ROLE-BASED ACCESS CONTROL (RBAC)
RBAC – Reasons to do it
• Business organisation keeps changing
• Managing the mainframe security environment
• Audit requirements
• Compliance
• Recertification
• Remove access not required
RBAC Common Challenges - I
• Historical code
• Global Access Table (GAT)
• Lack of technical knowledge
• Business areas cooperation
• Least Privilege access implementation
• DB2
RBAC Common Challenges - II
• Recertification tools
• Unravelling of the RBAC
RBAC – Define Standards and Rules
• Personal userid connected to one role group
• Role group describes the business role
• Role group contains all the access
• All role groups will have an ‘owner’
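The four rules on this slide are simple enough to verify against the security database on every run of the maintenance cycle. The following is an added example, not the RSM RBAC tool or any code from the deck: it checks a constructed, simplified user/group/permit inventory (a stand-in for a RACF database unload, not the real record layout) for userids connected to zero or several role groups, role groups without an owner, and access permitted directly to a personal userid instead of through a role group, and it derives the "who does what" view a recertification reviewer needs. Role groups are identified here by a `ROLE` prefix, an assumption made for the sample only; the userids, groups, profiles and owners are invented.

```python
"""RBAC rule check (added example, not from the RSM deck or its tools).

Validates a constructed user/group/permit inventory against the rules on the
slide: a personal userid connects to exactly one role group, a role group
carries all the access, and every role group has an owner.  The format is a
simplified stand-in for a RACF database unload, not the real record layout.
"""
from collections import Counter, defaultdict

# Constructed sample data.  Role groups are the groups named ROLE*; the
# other groups are plain administrative/department groups (assumption for
# this sample; a real site would use its own naming standard).
USERS = ["ALICE", "BOB", "CAROL", "DAVE"]

# group -> owner; owner None means the group has no recorded owner.
GROUPS = {
    "ROLEBRCH": "BRANCHMGR",   # branch teller role
    "ROLECARD": "CARDSMGR",    # card operations role
    "ROLEHR":   None,          # violates: role group without an owner
    "DEPTOPS":  "OPSMGR",      # not a role group
}

# Connect list: (userid, group)
CONNECTS = [
    ("ALICE", "ROLEBRCH"),
    ("BOB", "ROLEBRCH"), ("BOB", "ROLECARD"),   # violates: two role groups
    ("CAROL", "DEPTOPS"),                       # violates: no role group
    ("DAVE", "ROLEHR"),
]

# Permits on profiles: (profile, id, access).  Access should be held by a
# role group, never granted directly to a personal userid.
PERMITS = [
    ("PROD.BRANCH.**", "ROLEBRCH", "UPDATE"),
    ("PROD.CARDS.**", "ROLECARD", "READ"),
    ("PROD.HR.PAY.**", "ROLEHR", "UPDATE"),
    ("PROD.CARDS.**", "ALICE", "ALTER"),        # violates: direct userid permit
]


def is_role_group(group):
    return group.startswith("ROLE")


def check_rbac(users, groups, connects, permits):
    """Return a list of (rule, subject, detail) violations."""
    violations = []

    # Rule 1: each personal userid is connected to exactly one role group.
    role_count = Counter()
    for user, group in connects:
        if is_role_group(group):
            role_count[user] += 1
    for user in users:
        n = role_count[user]
        if n != 1:
            violations.append(("one-role-group", user,
                               f"connected to {n} role groups"))

    # Rule 4: every role group has an owner.
    for group, owner in groups.items():
        if is_role_group(group) and not owner:
            violations.append(("role-group-owner", group, "no owner recorded"))

    # Rule 3: the role group carries the access, so a permit whose id is a
    # personal userid bypasses the model.
    user_set = set(users)
    for profile, ident, access in permits:
        if ident in user_set:
            violations.append(("access-via-role-group", ident,
                               f"{access} on {profile} granted directly"))
    return violations


def effective_access(connects, permits):
    """Map each userid to the access it gets through its role groups: the
    'who does what' view used for recertification."""
    by_group = defaultdict(list)
    for profile, ident, access in permits:
        by_group[ident].append((profile, access))
    result = defaultdict(list)
    for user, group in connects:
        if is_role_group(group):
            result[user].extend(by_group[group])
    return dict(result)


if __name__ == "__main__":
    for rule, subject, detail in check_rbac(USERS, GROUPS, CONNECTS, PERMITS):
        print(f"[{rule}] {subject}: {detail}")
    for user, access in effective_access(CONNECTS, PERMITS).items():
        print(f"{user}: {access}")
```

Direct permits to userids found by the third check are also where the "historical code" and Global Access Table challenges on the previous slides usually surface, because that access exists outside any role group and is invisible to a role-based recertification.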
RBAC - Sources of data
• HR Data
• RACF
• Business Org. Chart
• Phone List
• Global Address List
• Local Knowledge
• Access Monitor
RBAC Stages – An overview
1. Analyse and prepare mainframe environment
2. Identify logical grouping
3. Engage with managers and users
4. Devise RBAC implementation plan
5. Test RBAC implementation
6. Implement RBAC
7. Update/Develop Processes
RBAC Implementation Tools
• RSM RBAC tool
• RSM DB2 RBAC Tools
• Access Monitor data
• RACF Offline
• CARLa code
RBAC Benefits – Some examples
• Reduced Risk of Fraud
• Security Management
• Joiners, Movers, Leavers
• Recertification
• Audit
• Monitor
• Who is who / Who does what
• Least Privilege Access
MAINTAINING THE ENVIRONMENT
Tools – Maintain the environment
• In-House – Security Panels
• IBM zSecure Command Verifier
• IBM zSecure z/Alert
• RSM – zMonitor
• RSM – zDashboard
Tools – RSM zMonitor
Tools – RSM zDashboard
RESULTS
Reduction in Privileged Accesses
• Before: 737,468
• After: 73,669
Reduction in Privileged Users
• Before: 12,949
• After: 4,347
Questions
Contact Details
• Rui Miguel Feio - ruif@rsmpartners.com
• Steve Tresadern - stevet@rsmpartners.com
• RSM Partners - www.rsmpartners.com
Serial Arm Control in Real Time Presentation
 
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxOcean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
 
dbms calicut university B. sc Cs 4th sem.pdf
dbms  calicut university B. sc Cs 4th sem.pdfdbms  calicut university B. sc Cs 4th sem.pdf
dbms calicut university B. sc Cs 4th sem.pdf
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
 
Recommendation System using RAG Architecture
Recommendation System using RAG ArchitectureRecommendation System using RAG Architecture
Recommendation System using RAG Architecture
 
GenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizationsGenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizations
 
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
 
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
System Design Case Study: Building a Scalable E-Commerce Platform - HiikeSystem Design Case Study: Building a Scalable E-Commerce Platform - Hiike
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
 
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development ProvidersYour One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
 
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
 
UI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentationUI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentation
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS  at Code Europe 2024Introduction of Cybersecurity with OSS  at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
 
WeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation TechniquesWeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation Techniques
 
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
 

Implementation of RBAC and Data Classification onto a Mainframe system (v1.5)

  • 1. Implementation of RBAC and Data Classification. Steve Tresadern, Rui Miguel Feio. RSM Partners, September 2014, v1.5
  • 2. Agenda
    - Introductions
    - Data Classification & Ownership
    - Role-Based Access Control (RBAC)
    - Maintain the environment
    - Results
    - Q&A
  • 3. Who are we?
    - Steve Tresadern
      - 27 years mainframe experience
      - Former z/OS Systems Programmer
      - Experience in Cryptography, RACF, Compliance
    - Rui Miguel Feio
      - 15 years mainframe experience
      - Experience in z/OS, RACF, zSecure, Development
      - Last 4 years working in Security and implementing RBAC
  • 5. Data Classification – What is it?
    - Understanding what your data is (chart): Credit Card 11%, Sarbanes Oxley 36%, Customer - Confidential 16%, Development 23%, User 14%
  • 6. Data Classification – What is it?
    - Who owns your data (chart): Credit Card 7%, Insurance 22%, HR 13%, Branch 27%, Systems 9%, Development 14%, User 8%
  • 7. Data Classification – Reasons to do it
    - Audit requirements
    - Compliance
    - Who has privileged access?
    - Who is accessing confidential information?
    - Reduce the risk of fraud?
  • 8. Data Classification – Aims
    - Every dataset and resource profile must be:
      - Classified in terms of confidentiality and integrity.
      - Linked to an application.
      - Have the basic security correctly defined.
    - Understand who has privileged access.
    - All applications have a business/data owner.
      - Ideally they should approve all access.
      - Review who has access.
  • 9. Sources for Data Classification (diagram): RACF Database, Naming Standards, Access Monitor, Support Teams, Local Knowledge, XBridge Datasniff
  • 10. Sources for Data Ownership (diagram): RACF Database, Service Management, Support Teams, Service Database, Local Knowledge
  • 11. Data Classification – Challenges
    - Lack of knowledge in support teams
    - Development Team Processes
    - Business areas cooperation
    - Non-RACF based security
    - Unravelling of the environment
    - Service Database – Up to date?
  • 12. Data Classification Benefits (diagram): Reduced Risk of Fraud, Who has privileged access, Focused Monitoring, Recertification, Audit Compliance
  • 14. RBAC – Reasons to do it
    - Business organisation keeps changing
    - Managing the mainframe security environment
    - Audit requirements
    - Compliance
    - Recertification
    - Remove access not required
  • 15. RBAC Common Challenges - I
    - Historical code
    - Global Access Table (GAT)
    - Lack of technical knowledge
    - Business areas cooperation
    - Least Privilege access implementation
    - DB2
  • 16. RBAC Common Challenges - II
    - Recertification tools
    - Unravelling of the RBAC
  • 17. RBAC – Define Standards and Rules (Define RBAC Rules)
    - Personal userid connected to one role group
    - Role group describes the business role
    - Role group contains all the access
    - All role groups will have an ‘owner’
  • 18. RBAC - Sources of data (diagram): HR Data, RACF, Business Org. Chart, Phone List, Global Address List, Local Knowledge, Access Monitor
  • 19. RBAC Stages – An overview (diagram; stages in sequence)
    - Analyse and prepare mainframe environment
    - Identify logical grouping
    - Engage with managers and users
    - Devise RBAC implementation plan
    - Test RBAC implementation
    - Implement RBAC
    - Update/Develop Processes
  • 20. RBAC Implementation Tools
    - RSM RBAC tool
    - RSM DB2 RBAC Tools
    - Access Monitor data
    - RACF Offline
    - CARLa code
  • 21. RBAC Benefits – Some examples (diagram): Reduced Risk of Fraud, Security Management, Joiners Movers Leavers, Recertification, Audit Monitor, Who is who, Who does what, Least Privilege Access
  • 23. Tools – Maintain the environment
    - In-House – Security Panels
    - IBM zSecure Command Verifier
    - IBM zSecure z/Alert
    - RSM - zMonitor
    - RSM – zDashboard
  • 24. Tools – RSM zMonitor
  • 25. Tools – RSM zDashboard
  • 27. Reduction in Privileged Accesses (chart): Before 737,468; After 73,669
  • 28. Reduction in Privileged Users (chart): Before 12,949; After 4,347
  • 30. Contact Details
    - Rui Miguel Feio - ruif@rsmpartners.com
    - Steve Tresadern - stevet@rsmpartners.com
    - RSM Partners - www.rsmpartners.com
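As an added example (not RSM Partners' tooling and not from the deck), the following Python check applies the RBAC rules of slide 17 and the data classification aims of slide 8 to a constructed, simplified extract. In a real run the records would come from a RACF database unload (IRRDBU00); its record layout is not reproduced here, and all group, user, profile and owner names below are constructed.

```python
"""Check a constructed access extract against the RBAC rules (slide 17)
and the data classification aims (slide 8). Added example; the sample
records stand in for fields a RACF database unload (IRRDBU00) provides."""

# Constructed: role group -> owner ("" means no owner has been assigned).
ROLE_GROUPS = {"RBRANCH1": "BRMGR01", "RHRCLRK": "HRMGR01", "RDEVTST": ""}
# Constructed: (userid, group) connects. SYS1 is not a role group.
CONNECTS = [("USER001", "RBRANCH1"), ("USER002", "RBRANCH1"),
            ("USER002", "RHRCLRK"), ("USER003", "RDEVTST"), ("USER004", "SYS1")]
# Constructed: dataset profile -> (confidentiality, integrity, application).
PROFILES = {"PROD.CARDS.**": ("HIGH", "HIGH", "CARDS"),
            "PROD.HR.PAY.**": ("HIGH", "MEDIUM", "HRPAY"),
            "DEV.TEST.**": ("", "LOW", "DEVTEST"),   # confidentiality missing
            "USER.TEMP.**": ("LOW", "LOW", "")}       # no application linked
# Constructed: application -> business/data owner ("" means none recorded).
APPLICATIONS = {"CARDS": "CARDOWN", "HRPAY": "", "DEVTEST": "DEVLEAD"}


def check_rbac(role_groups, connects):
    """Rules: each personal userid is connected to exactly one role group,
    and every role group has an owner. Non-role groups are ignored."""
    roles_of = {}
    for userid, group in connects:
        roles_of.setdefault(userid, set())
        if group in role_groups:
            roles_of[userid].add(group)
    return {
        "multi_role": sorted(u for u, g in roles_of.items() if len(g) > 1),
        "no_role": sorted(u for u, g in roles_of.items() if not g),
        "no_owner": sorted(g for g, o in role_groups.items() if not o),
    }


def check_classification(profiles, applications):
    """Aims: every profile carries both a confidentiality and an integrity
    rating, is linked to a known application, and that application has an owner."""
    return {
        "unclassified": sorted(p for p, (c, i, _) in profiles.items() if not (c and i)),
        "unlinked": sorted(p for p, (_, _, a) in profiles.items() if a not in applications),
        "app_no_owner": sorted(a for a, o in applications.items() if not o),
    }


if __name__ == "__main__":
    for name, findings in (("RBAC", check_rbac(ROLE_GROUPS, CONNECTS)),
                           ("Classification", check_classification(PROFILES, APPLICATIONS))):
        for kind, items in findings.items():
            print(f"{name}: {kind}: {items}")
```

Each non-empty finding list is an item for the role group owner or data owner to resolve before recertification, which is where the recertification and "who has privileged access" benefits on slides 12 and 21 come from.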