On Wed, May 29, 2019 at 1:23 PM Schuffenhauer, Mark <[email protected]> wrote:
> My sales favorite was knowing key functionality is vaporware, talking up everything the software would do some day. Then being horrified when you realize the 'decision makers' are eating it up. None of them ends up in hell when the product doesn't work and the functionality delivery date keeps getting pushed forward... but, I got to work with a 3745 until 2009.
>

I dislike some sales people's tactics. We bought a z890 and got an IFL. Two statements: (1) Linux runs on an IFL. (2) Linux can run Windows applications using WINE. The missing portion of statement #2: ", on an Intel processor." Management didn't ask any technical people, they just got the z890 + IFL. Then things got bad.

>
> Security is no good without PEN testing and auditing from the Security Technical Implementation Guide (STIG) documents. If you haven't crossed your eyes and dotted your teas.... wait, reverse that. Your odds of solid security can be greatly decreased.
>
> No security by obscurity.
> EBCDIC is not a method of encryption.
> Stop people from using stupid passwords. Ideally daily ID's have no elevated access, any elevated id must be checked out, activated, with a new password on each use. I realize that would be messy, but if you have better password security (pass phrases, excluded words (months of the year, or seasons) or MFA going, never mind. This isn't the paragraph you're looking for...
>

Although I agree with that paragraph, I have never been in a shop which does it. The closest was when I worked for "The Equitable". I did not have update access to datasets on the production system volumes. If I needed to update something, such as PARMLIB, or a PROCLIB, or do SMP/E work, I had to get with my manager; he would put in a request to the security admin; she would grant me update authority for a short time & audit me; when I was finished, she would revoke my access and print an audit report of my activity while I had escalated access.

--
This is clearly another case of too many mad scientists, and not enough hunchbacks.

Maranatha! <><
John McKown

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
