General Information:
RUGONE was created in 1987 to serve the professional education needs of the RACF community in the Northeastern U.S. We hold full-day meetings twice a year. RUGONE usually meets in Sturbridge, MA.
RUGONE has corporate memberships. The membership fee is $50/year. Attendees from member organizations are admitted to meetings either free of charge or at a reduced fee.
Points of Contact:
David Bell, The Hartford
Bob Hansel, RSH Consulting, Inc.
Upcoming Meeting:
Thursday, May 17, 2012
*** Sponsored by Xbridge ***
Location:
Publick House
(Main Building)
Route 131,
Sturbridge, Massachusetts
508-347-3313
Time:
9 a.m. - 4:30 p.m.
(Registration begins at 8:30 a.m.)
Cost:
RUGONE Members - Free
Non-Members - $35.00
Payment will be collected at admission in cash or check.
Agenda:
Is your z/OS System Secure?
Barry Schrager, Xbridge Systems
Replacing BPX.DEFAULT.USER
Robert S. Hansel, RSH Consulting, Inc.
UNIXPRIV Class
Robert S. Hansel, RSH Consulting, Inc.
Enhanced z/OS UNIX File System Security
Frederick Lates III, IBM
RACF & Payment Card Industry (PCI) Standards
Robert S. Hansel, RSH Consulting, Inc.
Sponsor Presentation: Do You Protect All Your Data? (Do you even know where it all is?)
Barry Schrager, Xbridge Systems
Presentation Abstracts:
Is your z/OS System Secure?
In addition to properly implementing one of the three security systems (ACF2, RACF or Top Secret), you must be assured that there are no vulnerabilities introduced by your system configuration, insufficient controls on your Hardware Management Console, insufficient security controls, system integrity vulnerabilities in IBM and ISV code and even vulnerable code introduced by your own staff. These vulnerabilities would allow an unauthorized user to access and modify your sensitive and protected data.
Replacing BPX.DEFAULT.USER
The FACILITY class profile BPX.DEFAULT.USER will be phased out in z/OS 1.14, and along with it the default UNIX UID and GID. Users will require their own UID, and groups will need their own GID. This presentation will examine some of the options, considerations, and potential obstacles in replacing BPX.DEFAULT.USER.
UNIXPRIV Class
Permission to certain UNIXPRIV class profiles can provide users with the ability to perform specific Superuser functions without requiring full Superuser authority. Other UNIXPRIV profiles influence RACF's decision as to whether a user is allowed to access a file or directory. This presentation will introduce you to all the UNIXPRIV profiles and discuss how to make best use of them.
Enhanced z/OS UNIX File System Security
This topic will review a new general resource class called FSACCESS that was introduced in z/OS V1R13 for restricting access to a zFS file system.
RACF & Payment Card Industry (PCI) Data Security Standards
This presentation will introduce you to the PCI Data Security Standards and discuss how RACF must be implemented to comply with their requirements.
Sponsor Presentation: Do You Protect All Your Data?
(Do you even know where it all is?)
The great thing about mainframes is that they have been around for over 40 years and continue to operate in a compatible manner. The downside is that datasets have been proliferating as storage becomes massive, now measured in Terabytes and even Petabytes. IT staff, both development and QA, and other system users have made their own copies of sensitive data over the years, and many of those copies are still there. The PCI DSS standard requires that all locations of PCI data be identified and protected or deleted. But it’s not only PCI that you should be concerned about! What about PII, HIPAA or company confidential and secret data? The first step in remediating these exposures is discovering the locations of all the data.
Speakers:
Barry Schrager, Xbridge Systems
Barry Schrager is the President of Xbridge Systems and is credited as one of the people who started the concept of data security when he founded and was the first Manager of the SHARE Security Project in 1972. The project delivered a series of requirements to IBM in 1974 including data protection by default and algorithmic grouping of users and resources. When IBM delivered its security product, RACF, in 1976, it did not meet the requirements and IBM told him they were not achievable. So, Barry developed his own security product, ACF2, which met the requirements and was used by customers such as General Motors, the Central Intelligence Agency, the National Security Agency, Britain’s MI-6, the Federal Reserve System and the Executive Office of the President of the United States. To date, ACF2 has generated well over $1 Billion in revenues and when Barry sold the company, SKK, Inc., it had a 60% market share against IBM’s RACF and CA’s Top Secret. Under Barry’s leadership, SKK developed the first VM operating system security product, ACF2/VM, and the first automated Operating System auditing product, Examine/MVS, now known as CA-Auditor. Barry is honored to be selected as a member of the Mainframe Executive Magazine’s Mainframe Hall of Fame.
Frederick Lates III
Frederick Lates is an Advisory Software Engineer at IBM. Fred began his career with IBM in 1978 in computer operations and has worked in many capacities since. Fred's experience working 16 years as an MVS systems programmer in support of production manufacturing mainframes has given him a broad knowledge base. During that time his responsibilities included MVS and RACF installation and support for several large-scale mainframe environments. For the past 13 years, Fred has been part of the Platform Evaluation Test team (zPET) in Poughkeepsie, whose mission is to test z/OS in a large-scale 'customer-like' environment. Fred's testing and support responsibilities have included components such as RACF, Unix System Services, IBM Security Key Level Manager and, recently, z/OS Management Software.
Robert S. Hansel, RSH Consulting, Inc.
Robert S. Hansel is Lead RACF Specialist and founder of RSH Consulting, Inc., a firm he established in 1992 and dedicated to helping clients strengthen their IBM z/OS mainframe access controls by fully exploiting all the capabilities and latest innovations in RACF. He has worked with IBM mainframes since 1976 and in information systems security since 1981. Mr. Hansel began working with RACF in 1986 and has been a RACF administrator, manager, auditor, instructor, developer, and consultant. He has reviewed, implemented, and enhanced RACF controls for insurance firms, financial institutions, utilities, manufacturers, payment card processors, universities, hospitals, and international retailers. Mr. Hansel is especially skilled at redesigning and refining large-scale implementations of RACF using role-based access control concepts. He has created elaborate automated tools to assist clients with RACF administration, database merging, identity management, and quality assurance. Mr. Hansel has also developed and presented training on nearly all aspects of RACF implementation, administration, and auditing.
Registration:
Contact Robert Hansel
- Phone: 617-969-8211
- Email: R.Hansel@rshconsulting.com
Advanced Registration is requested to ensure sufficient refreshments are available.
Cancellation of prior reservations should be made on or before Friday, May 11th.
Directions:
www.publickhouse.com/directions.htm