QUICK LINKS:

HOME PAGE

CONTACT US

ABOUT US

PRIVACY STATEMENT

INFOSEC AND RACF TRAINING

IT AUDIT AND z/OS AUDIT TRAINING

TRAINING SIGNUP
(cities, dates, form, hotels)

NEWSLETTERS / USER GROUPS

ARTICLES

OTHER INFO SOURCES

ARTICLES FOR SECURITY AND AUDIT PROFESSIONALS

The following articles are available for your review, printing, or downloading. You may select them by clicking on the description below.

• Stu Henderson’s Clear Explanation of Effective z/OS Security Auditing
  a proven security audit program for mainframes with z/OS and MVS
  
  
  
• How to Secure Mainframe FTP ( in the Dec-Jan 2008 ZJournal)
  includes several articles including how to secure FTP on the mainframe
  
  
  
• 21 Things You Didn't Use to Know About RACF, a Technical Update for Auditors
  describes 21 items auditors should be familiar with in order to audit RACF security on an MVS or z/OS system
  
  
  
• An Often Overlooked Security Hole in Enterprise Extender and Mainframe Networks
  describes potential security hole with Enterprise Extender
  
  
  
• Enterprise Extender Security
  describes Enterprise Extender and Related Security Risks
  
  
  
• Full Tape Security from Security Software and Tape Mgt. Software)
  describes how to get full security for tape datasets by using both security software and tape management software
  
  
  
• How to Break Into z/OS Systems (PDF Handout from a Presentation)
  describes techniques for breaking into MVS (z/OS or OS/390) systems and how to protect against them
  
  
  
• Interpreting Output from the RACF SETR LIST Command
  explains the output from this command and recommends how you might want to set its options
  
  
  
• Interpreting Output from the RACF DSMON Utility
  explains the 11 reports provided by this utility and recommends how you might want to set its option for your organization.
  
  
  
• The SERVAUTH Resource Class
  describes the SERVAUTH resource class in RACF (IBM's security software for mainframe computers), which is used to control connections to TCP/IP networks.
  
  
  
• How to Write a Security Policy
  shows you practical considerations for writing a computer security policy for your organization.
  
  
  
• Trends in MVS Security
  shows you the security history and trends in the MVS operating system and helps you to project from them.
  
  
  
• Audit Report Guidelines
  describes guidelines for auditors to consider to make their reports more effective.
  
  
  
• OTHER INFO SOURCES
  provides links to more free useful information sources.