Becoming a security officer

Rich Loeber

I have been asked several times recently "How did you learn so much about security on the System i?" In this tip, I will let you know how I got to this point and, perhaps, it will help you on your journey as well.

All-around computer systems experience
First, you have to remember that I have been working on computer systems since my first job as a data control clerk in 1965. During that time, I've moved through just about every aspect of the computing field from data entry clerk, system operator, programmer, systems analyst, project manager, department manager, independent contractor and software developer.

Ensuring security on i runbook: Spreading the System i security message Six common System i security lapses Is your AS/400 secure?: How a hacker could get valuable information from your system System i security policy: Time for a check up System i security report round-up

Along the way, security issues have come up and had to be researched and dealt with. So, I guess some longevity contributes to where I am today. But, old age is not an option to a lot of aspiring security officers for today's System i installations. As I think back over this history, several concepts come to mind that have helped me strengthen my understanding of computer security.

Gathering information
First and foremost, I have found that reading is crucial to staying current on what's going on in the field. This is truer today than it has ever been since things are changing faster now than at any time that I can recall.

I recommend a holistic approach to text selection that includes general computing topics, System i-specific topics and security topics. In today's world, this means reading magazines, Internet publications and technical manuals.

There are several magazines that are still in print for the System i world, although it is hard to know how much longer that will last. Almost all of their content, however, is available on-line at websites maintained by the publishers. Some of these charge a fee for access, but the charges are not prohibitive and the content is generally well worth the price of admission. These publications tend to focus on "what's new" topics, but their archives are a good source of general information that you will find most helpful.

For security topics on your System i, there is nothing better than going to the source .... the security manuals that come with your system. These are available on a CD that came with your system and on-line from the IBM i5/OS Information Center. The current manuals for all supported versions of the operating system are there along with an extensive library on security topics. You can't find better details than looking at these documents from IBM as they tell you exactly how the designers intend for security to be implemented on your system.

Reading the manuals can be tedious, but they're really not that bad. When I'm writing a tip for publication, I often find myself mired in them to get the exact details of how something works according to IBM.

System i discussion forums
Another good way to stay current on what's going on in the System i security field is to participate in an on-line discussions forum, such as David Gibb's midrange.com. You can sign up for quite a few different forums and then just sit back and monitor the traffic via email. The participating group is great at answering questions and you can read about what others are doing. I'm amazed at how much I pick up just by monitoring the email traffic.

So, the first step in improving your understanding of security is reading content from different sources. But reading takes time. I have the luxury these days of being able to set my own schedule and I make time for reading as a priority. You will need to dedicate time during your busy week for this activity. Failure to do so could leave you out of date.

If you have any questions about this topic you can reach me at rich@kisco.com. All email messages will be answered as quickly as possible.

---------------------------
ABOUT THE AUTHOR: Rich Loeber is president of Kisco Information Systems Inc. in Saranac Lake, N.Y. The company is a provider of various security products for the iSeries market.

Rate this Tip To rate tips, you must be a member of Search400.com. Register now to start rating these tips. Log in if you are already a member. Submit a Tip Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT iSeries security tips Developing a security incident response system for System i Tracking remote access users on System i Setting up security for programmers on IBM i Controlling remote access on your IBM i Checking in on your IBM i authorization lists PCI data security standards and the System i Securing the integrated file system on IBM System i Contextual security on IBM i: Limit user profile access Time for a security checkup for your i Security monitoring on IBM i: Watching your super users iSeries system and application security Developing a security incident response system for System i Setting up security for programmers on IBM i Blocking AS/400 DB2 users Trouble accessing IFS path from Win2k3 server Checking in on your IBM i authorization lists Strategies for securing IBM i production files Changing password security levels and upgrading operating systems on the IBM i Determine the value of parameter UPPWEI in the DSPUSRPRF field Define journal code value "K" Modify content within a journal receiver file RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary midrange  (Search400.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.