With Sarbanes-Oxley (hope I have spelt that correctly) and all the other audits we are now being subjected to, this may become a wider issue.
We have been asked a question by our one of our auditing groups about how we protect (read) access to a set of specific production tapes that contain customer information.
Although these tapes are created on TPF, they are catalogued by VM so can be considered in the same way as any other VM tapes.
I have posted a question on the CA Support Connect site to see if they have any ideas but I wondered if there were any other resources that were not automatically checked to which this might apply?
We use RACF as our ESM and I wondered if there was any API interface that could be called by user code to check validity of an access to a resource (I am not aware of such a beast).
btw: because the tapes are catalogued on VM we also have a problem securing them on MVS. RACF dataset protection may be the solution to this as well as we have a shared RACF database (if we can find a way to interface to RACF for this on VM).
I guess we have passive monitoring in that we have audit of who mounts tapes and I don't envy anyone trying to access such data but I guess that it is, nevertheless, a valid question to be asked.
Does anyone have any ideas on this.
Colin Allinson
Amadeus Data Processing
- Secure access to resources Colin Allinson
- Re: Secure access to resources Imler, Steven J
- Re: Secure access to resources Alan Altmark
- Re: Secure access to resources Imler, Steven J
- Re: Secure access to resources Colin Allinson
- Re: Secure access to resources Alan Altmark
- Re: Secure access to resources Imler, Steven J
- Re: Secure access to resources Alan Altmark
