On Mon, Jul 31, 2017 at 11:32 PM, Timothy Sipples <[email protected]> wrote:
> John McKown wrote: > >There are _NO_ connections to z/OS even from internal boxes. When files > >need to be transferred, they are written from z/OS to the appropriate, > >internal, FTP server. > > So there are no connections, but there are connections. With bulk transfers > of personal healthcare data with no granular security context preserved, I > assume. As Mr. Spock used to say, "Fascinating." > > The modern (and not so modern) reality is that "internal" networks are > being penetrated all the time, and "internal" servers (and other devices) > are getting pwned all the time. "Maginot Line" approaches no longer work, > if they ever did. > > https://en.wikipedia.org/wiki/Maginot_Line > > Defense in depth is really, really important. This isn't the time for > complacency, I'm afraid. > > Yes, I'm aware that there are some individuals in management who, on > occasion, act like Frank Drebin: > > https://www.youtube.com/watch?v=pdFl__NlOpA > > It's still important to explain the risks and document them. > Yes. And hopefully the ones whose job this is are doing that. I'm a z/OS sysprog who has been "impressed" (in the British nautical sense) with doing some RACF work. But I don't make policy. I just try to enforce it. I'm not in any kind of position to even speak to those "in the know". -- Veni, Vidi, VISA: I came, I saw, I did a little shopping. Maranatha! <>< John McKown ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
