On Monday, 05/19/2008 at 01:26 EDT, "McKown, John"
<[EMAIL PROTECTED]> wrote:

> Personal opinion time, donning Security Admin hat: There is NO way that I
> would allow a Linux system to directly access my z/OS datasets. Why? No
> ability to audit. No ability to restrict access and prove that access
> was restricted to authorized users (thinking of HIPAA data).
>
> Now, I __might__ consider it if only a very few z/OS volumes were even
> accessible from the Linux system and I could assure myself that the
> datasets on those volumes never contained any confidential information
> that might require auditing.

Or *might in the future contain* any auditable information.  You have to
build a lot into your deployment processes to prove due diligence if you
operate this way.  I get *particularly* nervous when we're talking about
z/OS data.

How can you programmatically know that a volume does or does not contain
auditable data?  You don't.  That means a very precise and controlled
process for application and data deployment.

And if the z/OS system is up and running, you have a real opportunity for
data integrity loss.

Alan Altmark
z/VM Development
IBM Endicott
