A major source of vulnerabilities is people. If you have onunsound policies, or if management does not enforce policies, then you are vulnerable.
You have people writing down their passwords? You're vulnerable. You have employees selling your data? You're vulnerable. You're not channging default passwords? You're vulnerable. This is not to say that robust software is not also crucial. But if you don't properly manage the people side, you're toast. -- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 ________________________________________ From: IBM Mainframe Discussion List [[email protected]] on behalf of Colin Paice [[email protected]] Sent: Wednesday, December 22, 2021 3:57 AM To: [email protected] Subject: Re: article about ransomeware and mainframe Someone told me the most unreliable part of a computer system is the human. Perhaps z/OS people are more cautious, or do not run email on their system, and so less chance of running evil code. I heard that people can get fake covid passports because someone one on the inside can add fake records to the database. So no matter how secure your system is...it is the soft flabby bit that lets it down. Colin On Tue, 21 Dec 2021 at 22:41, Seymour J Metz <[email protected]> wrote: > The devil is in the details. Suggesting useless tests while overlooking > essential tests can make people less likely to discover their security > issues.I would have stressed that there are managerial exposures and > technological exposures; deal with both types else sooner or later your > system will be compromised. > > > -- > Shmuel (Seymour J.) Metz > http://mason.gmu.edu/~smetz3 > > ________________________________________ > From: IBM Mainframe Discussion List [[email protected]] on behalf > of Erik Janssen [[email protected]] > Sent: Tuesday, December 21, 2021 2:27 PM > To: [email protected] > Subject: Re: article about ransomeware and mainframe > > The article itself may contain some errors and misunderstandings, but the > conclusion is absolutely spot on. Some people still maintain the idea that > z/OS is better that linux and even windows in terms of security. Sadly, > this believe and lack of urgency means that all z/OS shops that are not > recent on their maintenance today are running with zero day exploits in APF > authorized routines that leave them extremely vulnerable. > > Kind regards, > Erik Janssen. > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
