On 8 Sep 2013 20:37:23 -0700, in bit.listserv.ibm-main Jon Perryman wrote: >No matter how much knowledge and money you have available, you can't be 100% >secure (we still have APF). You can only secure known exposures as well as the >technologie permits and reduce area's of risk. While z/OS can be extremely >secure, you don't review IBM's code for exposures. How about vendor code? Do >you upgrade products and know they did not introduce an exposure. Are the >employee's 100% infallible and trustworthy.
I am looking at the amount of information that Edward Snowden purportedly has gotten and then look at the access that storage administrators or DBAs need in order to do their jobs. Who has the knowledge of what to steal and the access to do so with an ability to minimize the chances of getting caught? Which group has the most access, systems programmers, DBAs, storage administrators or security people? How much is the risk increased if duties are combined such as DBA and storage administration? Clark Morris > >Security is by nature obscurity. There is a saying that the solution to the >problem only changes the problem. As others have said, this is a question >about money, willingness and perseverance to find a hole. Userid's, passwords >and securid are obscure (unlikely but possible to guess). Encryption is >unlikely but possible to break given time and willpower (they say CIA can >crack 256 byte keys). RACF protects datasets from some users but not others. >APF libraries are limited and access restricted but some users must have >access. Sysprogs get more access to system datasets when installing new >releases and updates. We consider these to be secure but there are ways you >can get at them with luck, persistence and willpower. > >Jon Perryman. > > > > >>________________________________ >> From: Scott Ford <[email protected]> >> >> >> >>You can secure the environment one is responsible for with correct knowledge >>and funding >> > >---------------------------------------------------------------------- >For IBM-MAIN subscribe / signoff / archive access instructions, >send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
