I just saw the comment on long passwords where it would take two
people to enter a single password.  I remember back in the VAX/VMS days
where there was a password option for a UserID to be set up so that it
required two passwords.


Thank you,

Scott


From: The IBM z/VM Operating System [mailto:[email protected]] On
Behalf Of Tom Huegel
Sent: Friday, December 10, 2010 8:16 AM
To: [email protected]
Subject: Re: Vswitch Grant as a CMD in User's Directory?


Does anyone run applications in z/VM? Isn't the 'protected data' owned
by some other OS (z/OS, z/VSE, zLINUX)? It seems that the high-level
security effort belongs in those OSes. z/VM just needs to keep those
systems isolated and NOT be able to circumvent their security
procedures.

On Fri, Dec 10, 2010 at 2:46 AM, Les Koehler <[email protected]>
wrote:

Back in the old days, I recall a finance type person saying something
like: The Gold Standard is that it should take collusion between two or
more people to defraud the company.

If we apply that to IT, then shouldn't pswds for privileged userids that
can access/change financial data be long enough that TWO sysprogs can
each be given half a pswd so they both have to be present to make a
change?

Les

Alan Altmark wrote:

On Thursday, 12/09/2010 at 12:01 EST, Tom Huegel <[email protected]>
wrote:

Does it really matter? SOX is just another way Congress has come up with
to destroy the American economy, and in fact the American way of life.


When you read the law, you find that SOX is "simply" a way to hold
executives responsible for the financial statements issued by their
companies.  Assuming no ill intent (no comments, please!), that means
trustworthy data.  That flows downhill, as all such things must, until
we start talking about access controls and audit mechanisms for
financial data.  That is, knowing who has the means and the opportunity
to access the data, and knowing who has actually done so.  (I leave it
to others to talk about motive.)  Who, what, where, when.

Unfortunately, IT security industry consultants have mangled this
laudable concept into a paranoia-inducing behemoth that has people
screaming in terror as it rampages across the country, flogging every
sysadmin in its path.  Why?  Because financial status is inferred from
many other data sources and no one wants to spend the time it takes to
follow all the data flows.  Result: Secure Everything.

With HIPAA and PCI running alongside, the "Secure Everything" policy
looks even more reasonable to CEOs, CIOs, CFOs, and their lawyers.

Alan Altmark

z/VM and Linux on System z Consultant
IBM System Lab Services and Training
ibm.com/systems/services/labservices
office: 607.429.3323
[email protected]
IBM Endicott
