Computer system security is an important concept for businesses in the midrange. The AS/400 is known for its security, but the strength of the security depends on having a good security policy. With increased regulation regarding information, having a sound security policy is imperative to the success of many businesses and organizations. But there may not be a security cheerleader in your company. Your policy may be set up, but is it working as well as it should? As the IBM i continues to play a role in the computing infrastructure at these organizations, increased attention needs to be focused on not only having a sound security policy in place, but ensuring that the policy is working and the i is secure. Here we provide advice from security experts for the iSeries that aim to increase your understanding of how you can advocate for security in your organization effectively and how to review potential gaps in your company's security set-up.
TABLE OF CONTENTS
I. Spreading the system i security message
Security policies at companies large and small can be lax and ineffective. What these companies may be missing is a security "evangelist." This committment to good security is the first step in establishing a good security policy at your company.
II. Becoming a security officer
Once you understand why you need to work hard to keep your system secure, how do you make sure that you are up-to-speed on all the security issues that need attending to? Attending conferences, reading books and informative articles online are all part of building the knowledge base needed to be a good AS/400 security officer.
III. Six common System i security lapses
A good way to know what needs to change in your security policy is through learning from others. A PowerTech Group study of System i servers concluded that almost half of companies surveyed don't follow best practices.
IV. Is your AS/400 secure? How a hacker could get valuable information from your system
In a hypothetical example, learn how a company with an enterprise resource planning (ERP) system and an auto login can be hacked. Is your security set-up hacker-proof?
V. System i security policy: Time for a check up
Once your security policy has been put in place you may feel like the work of a security officer is going to be easy. But, not so fast. With business changes you need to determine changes in policy are needed as a result of new technological implementation. What should you be taking another look at in your AS/400 shop?
VI. System i security report round-up
To aid in your check-up on your security policy, IBM has provided a number of tools to help with this process. Two of these are the System Security Attributes report and the Print Private Authorities report.