On 18 Aug 2011 14:00:39 -0700, in bit.listserv.ibm-main you wrote: >--------------------------------------<snip>------------------------------------ >This person had a user-id and password with privileges. Think of the >harm someone with a system programmers id and privileges can do. For >those of you who have been at a number of shops, how many were really >careful about ids and their revocation. Most of the ones I was at were >and I am not certain about the others. The problem was the security >culture and I guarantee you that not all mainframe shops are really good >about it. >------------------------------------<unsnip>----------------------------------- >In my last shop, the head of security administration (one of my many >hats) had to be informed BEFORE the person being terminated. Id he/she >was logged on, I was to revoke the userid and if logged on, cancel the >session. The person being terminated was escorted off the premises and >could make arrangements to clean out personnal property at a later date. > >-------------------------------------<snip>--------------------------------------- >I also would almost guarantee you there are a number of Unix and Windows >shops that take it very seriously. >--------------------------------------<unsnip>---------------------------------- >Then why in God's name are they running Windoze and/or UNIX?? > >----------------------------------<snip>------------------------------------------ >How quickly do mainframe shops apply the PTF's for integrity APARs? How >quickly do the other environments apply the comparable fixes? >-----------------------------------<unsnip>---------------------------------------- >For our MVS-OS/390-z/OS environment(s), we always let PTF's age for 30 >days, partly to let someone else debug them and partly to evaluate their >impact in our shop. Then we decided whether to apply or not. For the >Windoze and UNIX weenies, I can't say.
Which means you leave the security hole fixed by the integrity APAR open for 30 days. In at least some Windows and Unix shops, the comparable fixes get a higher priority. > >Rick > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
