+ 1

On Tue, 14 May 2019, 21:29, Alan Altmark <alan_altm...@us.ibm.com> wrote:

> Reading all of these posts has brought out the salient points of IT
> security:
>
> 1. All the technology in the world won't help you if you don't use it.
>
> 2. Stupid people can outwit a capable machine (SET SECURITY OFF).
>
> 3. Z security builds on its long history and culture of talented people,
> effective processes, and robust products.  When all are fully engaged, its
> security mechanisms are really hard to beat.
>
> 4. The bad guys have time on their side, often putting the good guys on
> the defensive.  The difference between the two is what protects you.  The
> more places you have those buffers, the better the protection will be.
>
> 5. Sometimes obscurity is good.  Sometimes not.   It depends on what you
> are hiding and from whom.  But don't be upset when your secret becomes
> known.  It shouldn't be your only defense.
>
> 6. When someone possesses valid credentials to a system, only their
> activities while using them will tell you if they are Good or Evil.  This
> is the weakest part of all system security.   Humans are vital to IT
> security, yet are the weakest link, being both easiest to manipulate and
> capable of being compromised.   (I've seen the movies; retinal scanners
> won't help.)    We try to recognize changes in system behavior to know when
> something is wrong, yet we pay little attention to human activities.  (How
> to recognize when your Db2 database is being surreptitiously unloaded in
> small bits over a long period of time.)
>
> 7.  The "Z" on the box doesn't make it more secure than any other platform
> (no miracles or magic).  It does, however, come with an impressive arsenal
> that you can use to make it so.  I would be comfortable saying that it is
> "more securable" than any other general purpose platform.  That encompasses
> both the types of security services and the difficulty in subverting them.
>
> 8. Prevention is better than detection, but detection lets us know when
> our preventive measures have failed.
>
> 9. Have you done all that is *commercially reasonable* to protect your
> data and your services?  All that is possible may not be reasonable in some
> contexts, so don't fall into that trap.  Understanding your liability (cost
> of loss) helps you assess "reasonable".
>
> 10. Assume that nothing is perfect.  (You would be correct.)  Bad things
> happen to good people.  If you detect that, in spite of your best attempts,
> the unthinkable has happened, are you prepared to deal with it competently,
> calmly, and quickly?
>
>
> Alan Altmark
> IBM Systems Lab Services
> z/VM Consultant
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
