Manage Learn to apply best practices and optimize your operations.

Becoming a security officer

IBM System i security expert Rich Loeber says that reading technology publications is one of the keys to learning about computer systems security.

Rich Loeber
This is the second chapter of the Ensuring security on i runbook. The aim of this is to provide AS/400 users advice from security experts for the i on how you can advocate for security in your organization effectively, and what to watch out for, and how to review your System i security situation to ensure it's working as well as it needs to be.

I have been asked several times recently "How did you learn so much about security on the System i?" In this tip,...

I will let you know how I got to this point and, perhaps, it will help you on your journey as well.

All-around computer systems experience
First, you have to remember that I have been working on computer systems since my first job as a data control clerk in 1965. During that time, I've moved through just about every aspect of the computing field from data entry clerk, system operator, programmer, systems analyst, project manager, department manager, independent contractor and software developer.

Ensuring security on i runbook:
Spreading the System i security message
Six common System i security lapses
Is your AS/400 secure?: How a hacker could get valuable information from your system
System i security policy: Time for a check up
System i security report round-up
Along the way, security issues have come up and had to be researched and dealt with. So, I guess some longevity contributes to where I am today. But, old age is not an option to a lot of aspiring security officers for today's System i installations. As I think back over this history, several concepts come to mind that have helped me strengthen my understanding of computer security.

Gathering information
First and foremost, I have found that reading is crucial to staying current on what's going on in the field. This is truer today than it has ever been since things are changing faster now than at any time that I can recall.

I recommend a holistic approach to text selection that includes general computing topics, System i-specific topics and security topics. In today's world, this means reading magazines, Internet publications and technical manuals.

There are several magazines that are still in print for the System i world, although it is hard to know how much longer that will last. Almost all of their content, however, is available on-line at websites maintained by the publishers. Some of these charge a fee for access, but the charges are not prohibitive and the content is generally well worth the price of admission. These publications tend to focus on "what's new" topics, but their archives are a good source of general information that you will find most helpful.

For security topics on your System i, there is nothing better than going to the source .... the security manuals that come with your system. These are available on a CD that came with your system and on-line from the IBM i5/OS Information Center. The current manuals for all supported versions of the operating system are there along with an extensive library on security topics. You can't find better details than looking at these documents from IBM as they tell you exactly how the designers intend for security to be implemented on your system.

Reading the manuals can be tedious, but they're really not that bad. When I'm writing a tip for publication, I often find myself mired in them to get the exact details of how something works according to IBM.

System i discussion forums
Another good way to stay current on what's going on in the System i security field is to participate in an on-line discussions forum, such as David Gibb's midrange.com. You can sign up for quite a few different forums and then just sit back and monitor the traffic via email. The participating group is great at answering questions and you can read about what others are doing. I'm amazed at how much I pick up just by monitoring the email traffic.

So, the first step in improving your understanding of security is reading content from different sources. But reading takes time. I have the luxury these days of being able to set my own schedule and I make time for reading as a priority. You will need to dedicate time during your busy week for this activity. Failure to do so could leave you out of date.

If you have any questions about this topic you can reach me at rich@kisco.com. All email messages will be answered as quickly as possible.

---------------------------
ABOUT THE AUTHOR: Rich Loeber is president of Kisco Information Systems Inc. in Saranac Lake, N.Y. The company is a provider of various security products for the iSeries market.

Dig Deeper on iSeries system and application security

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchDataCenter

Close