I have to agree with Tony and many of the others, especially Radislaw's comments about auditors needing to be taught. One has to accept, of course, that many of them are MBAs (!) who work for the Big Auditors, but sadly have never even seen an IBM mainframe system. I first came across these 'specimens' back in the early 80s at a bank, who insited that our mainframes could be vulnerable. I tried to explain that without a password etc, they could not be. 'Blue in the face' came to mind.
I've just thought of something Greg - I'll hire myself as a 'Virus Guru' to come into your company and certify that you cannot be attacked. Should only take about six months. $2K a day alright? Would that satisfy them? :-) All joking aside, it's sad that we have to put up with these uneducated 'auditors' - we have enough to do! ALH -----Original Message----- From: Tony Harminc <t...@harminc.net> To: IBM-MAIN <IBM-MAIN@bama.ua.edu> Sent: Tue, Mar 27, 2012 5:49 pm Subject: Re: Malicious Software Protection On 27 March 2012 11:06, Greg Dorner <gdor...@wpsic.com> wrote: > Our auditors are insisting that we install a product that protects against alicious software (viruses, worms, trojans, etc.). But have they asked you about the powerful and dangerous AMASPZAP yet? hey aren't Real Auditors until they confront you about that. > Does anyone know of a product that does this? I heard that McAfee is coming ut with a z/OS product "later this year", but I called them and they had no dea what I was talking about. One approach is to play stupid the whole way. Malicious software - what is that? Virus? Worm? Trojan? No, I am not ware of any such thing. Could you please give an example of what you re talking about? Ah - you suggest general protection against not yet dentified threats? In your wide experience of auditing other ompanies, what product(s) to do this have you found most commonly in se on z/OS? What is the performance impact of these products? Could ou direct me to some vendor-independent studies of their rice/performance? Etc, etc. Tony H. ---------------------------------------------------------------------- or IBM-MAIN subscribe / signoff / archive access instructions, end email to lists...@bama.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
