Cris Hernandez #9 wrote: >I too have auditors who treat the my mainframe like one those little puters and I find it best to first educate them before they convince my management to send me chasing phantoms. Don't assume your auditor won't appreciate a mainframe education.
Jim Marshall wrote: >Auditors came around and wrote up our z/OS V1R10 Sysplex for not running a Virus Checker. Anyone has a constructive solution as to one being available or some verbage which defends the position. After reading all those good answers, please allow me a reply: I told my auditors this: 1. There are NO vendors for z/OS antivirus software. Give me one example and I'm ready to talk with my management. Otherwise we talk about RACF, APF, etc. as discussed already in this thread. 2. There are Linux and Unix antivirus software, but z/OS itself are immune against the threats. 3. Some disgruntled employee(s) may place a TROJAN, not a virus. It happened unfortunately. That is another matter for another rainy day. 4. Depending on RACF accesses, one can write something in any language to delete or modify datasets. Anyone. It is up to you to protect your z/OS. Read again that thread in ibmmainframes.com mentioned in this thread for some info. 5. About VAT Security and similar software/service - It looked to me that this is *ethical* hacking/penetrating/scanning for defects and exposures. That is the standard (?), but expensive way, for checking out your z/OS. There are many such software and services available from various vendors. I'm very sure those auditors are in for a serious *re-education* ;-D Groete / Greetings Elardus Engelbrecht ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html