Re: Security vs knowledge [was: RE: how to list LE options]

Thu, 21 Jun 2007 11:55:39 -0700 

In our organization any user who requests access to any resource has to
demonstrate a business need (not want) to the owner of the resource.  The
owner of the resource is the final authority regarding the alleged business
need.  

If the manager of the SYSPROG group says it's OK for a generic civilian to
browse SYS1.PARMLIB, we permit access. Our security group diligently avoids
the decision process.

    

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf
Of R.S.
Sent: Thursday, June 21, 2007 1:43 PM
To: [email protected]
Subject: Re: Security vs knowledge [was: RE: how to list LE options]

Ted MacNEIL wrote:
>> Because some fool of an auditor doesn't understand mainframes?  
>> That's just BS IMHO.  Fire the auditor for incompetence
> 
> An auditor doesn't set the rules.
> They just report on compliance.
> 
> I still see no reason for a non-SYSPROG to have access to PARMLIB!

Assuiming there is a reason, including curiosity and willingness to learn.
What would you do if non-SYSPROG would ask you about some member in the
PARMLIB ?  Deny the knowledge, just beacuse you are the God ?

IMHO the poorer tuned parmlib the higher will to hide the parmlib.

--
Radoslaw Skorupka
Lodz, Poland


--
BRE Bank SA
ul. Senatorska 18
00-950 Warszawa
www.brebank.pl

Sąd Rejonowy dla m. st. Warszawy 
XII Wydział Gospodarczy Krajowego Rejestru Sądowego, 
nr rejestru przedsiębiorców KRS 0000025237
NIP: 526-021-50-88
Według stanu na dzień 01.01.2007 r. kapitał zakładowy BRE Banku SA (w
całości opłacony) wynosi 118.064.140 zł. W związku z realizacją warunkowego
podwyższenia kapitału zakładowego, na podstawie uchwał XVI WZ z dnia
21.05.2003 r., kapitał zakładowy BRE Banku SA może ulec podwyższeniu do
kwoty 118.760.528 zł. Akcje w podwyższonym kapitale zakładowym będą w
całości opłacone.

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Reply via email to