Simplify the way you ensure that IBM i system values are in compliance.

Written by Robin Tatam

Hopefully, you reviewed and configured your System i server's system values as part of your security procedures. If not, you should take the time to familiarize yourself with these values to understand how they impact security. With each new release of the operating system, IBM adds more system values (information about new values is available in the "Memo to Users" at the online Information Center). And once these values are set, you must ensure they stay that way. But manually comparing values is both labor?intensive and error?prone. There are better approaches.

There's a better way to maintain and prove security compliance.

Written by Robin Tatam

If you've ever been one of the unfortunate souls charged with monitoring a computer system for compliance or been asked to generate reports for inquisitive auditors, you know what a huge drain such projects can be on time and resources.

Automated backups help satisfy your auditor.

Written by Tom Huntington

No one likes to be audited, whether it's for SOX, PCI, HIPAA, or some other regulation that you must comply with. When you back up your IBM i data, you need to produce supporting documents that show what you back up, who backed it up, and how you can restore it. The information is available, and you certainly can piece it together manually, but do you really want to do that every time you're audited?

Assess security vulnerabilities on an IBM i server in 15 minutes.

Written by Robin Tatam

Few words strike fear in the heart of senior executives as much as security and compliance. Satisfying stringent audit requirements has become an initiative for companies of every size, in every industry.

Are your powerful users accountable for their actions?

Written by Robin Tatam

One of the greatest challenges an organization faces when securing an IBM i environment is protecting the system from the very people who are charged with its care: programmers, administrators, and security officers. While these power users often need access to restricted objects and commands, they rarely need that level of access 24 hours a day—and definitely not without accountability.

Anti-virus software alone will not keep your system secure.

Written by Christopher Jones 

In the past, I've talked about protecting your IBM server and environment from malicious code threats. While on the surface this involves guarding against viruses, anti-virus software alone cannot meet all needs. You really need a layered approach.

Key threats that we must guard against include viruses, port-scanning worms, patched programs, hackers from outside, and nefarious insiders. Addressing these requires anti-virus software, network security/access control solutions, and physical security.

Don't let your organization's data become inadvertently exposed by changes to your authority scheme.

Written by Carol Woodbury

More organizations are seeing the business requirement to secure critical data. Whether it's human resources information, payroll information, or credit card information, organizations are making the effort to set database access controls to appropriate settings—either "deny by default" (*PUBLIC *EXCLUDE) or "read only" (*PUBLIC *USE).

Alternatively, perhaps you'd rather keep your private data private.

Written by Robin Tatam

The life of the security administrator used to be simple. Application menus insulated the user from the back-end database, and restrictions in a user's profile easily limited access to only a few basic commands. Then things started to get complicated as "dumb terminals" gave way to the more functional personal computer (PC). Spreadsheet applications arrived, and simple file transfers quickly became commonplace. But it was like opening Pandora's Box!