Tom, as Mike said there are a lot of companies I know of that are using "CMS" applications for day to day work and the DATA resides on "VM"
they are using "FOCUS" for report generation , as well as "MAILBOOK" for e-mail and interoffice file transfers , and some are using VM:Backup and VM:Archive and the Shared File System for numerous versions of Source Code like GDG's on TSO and submitting their compiles and assembles to VM:Batch for processing. There is still a lot of WORK being done on "VM" and these companies are not running any other "OS" as a guest of these "VM" systems. They might and do have other "VM"'s for running LINUX or "VSE" . Granted it is a vast minority of what it was 10, 15, and 20 years ago. munson From: Tom Huegel <tehue...@gmail.com> To: IBMVM@LISTSERV.UARK.EDU Date: 12/10/2010 09:16 AM Subject: Re: Vswitch Grant as a CMD in User's Directory? Sent by: The IBM z/VM Operating System <IBMVM@LISTSERV.UARK.EDU> Does anyone run applications in z/VM? Isn't the 'protected data' owned by some other OS (z/OS, z/VSE, zLINUX). It seems that the high level security effort belongs in those OS's. z/VM just needs to keep those systems isolated and NOT be able to circumvent their security procedures. On Fri, Dec 10, 2010 at 2:46 AM, Les Koehler <vmr...@tampabay.rr.com> wrote: Back in the old days, I recall a finance type person saying something like: The Gold Standard is that it should take collusion between two or more people to defraud the company. If we apply that to IT, then shouldn't pswds for privileged userids that can access/change financial data be long enough that TWO sysprogs can each be given half a pswd so they both have to be present to make a change? Les Alan Altmark wrote: On Thursday, 12/09/2010 at 12:01 EST, Tom Huegel <tehue...@gmail.com> wrote: Does it really matter? SOX is just another way congress has come up with to destroy the American economy, and in fact the American way of life. When you read the law, you find that SOX is "simply" a way to hold executives responsible for the financial statements issued by their companies. Assuming no ill intent (no comments, please!), that means trustworthy data. That flows downhill, as all such things must, until we start talking about access controls and audit mechanisms for financial data. That is, knowing who has the means and the opportunity to access the data, and knowing who has actually done so. (I leave it to others to talk about motive.) Who, what, where, when. Unfortunately, IT security industry consultants have mangled this laudable concept into a paranoia-inducing behemoth that has people screaming in terror as it rampages across the country, flogging every sysadmin in its path. Why? Because financial status is inferred from many other data sources and no one wants to spend the time it takes to follow all the data flows. Result: Secure Everything. With HIPAA and PCI running alongside, the "Secure Everything" policy looks even more reasonable to CEOs, CIOs, CFOs, and their lawyers. Alan Altmark z/VM and Linux on System z Consultant IBM System Lab Services and Training ibm.com/systems/services/labservices office: 607.429.3323 alan_altm...@us.ibm.com IBM Endicott *************************** IMPORTANT NOTE*****************************-- The opinions expressed in this message and/or any attachments are those of the author and not necessarily those of Brown Brothers Harriman & Co., its subsidiaries and affiliates ("BBH"). There is no guarantee that this message is either private or confidential, and it may have been altered by unauthorized sources without your or our knowledge. Nothing in the message is capable or intended to create any legally binding obligations on either party and it is not intended to provide legal advice. BBH accepts no responsibility for loss or damage from its use, including damage from virus. ********************************************************************************