> -----Original Message----- > From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On > Behalf Of Alan Altmark > Sent: Monday, May 19, 2008 1:33 PM > To: [email protected] > Subject: Re: z/Linux access to z/OS DASD > > On Monday, 05/19/2008 at 01:26 EDT, "McKown, John" > <[EMAIL PROTECTED]> wrote: > > > Personal opinion time, doning Security Admin hat: There is > NO way that I > > would allow a Linux system to directly access my z/OS > datasets. Why? No > > ability to audit. No ability to restrict access and prove > that access > > was restricted to authorized users (thinking of HIPAA data). > > > > Now, I __might__ consider it if only a very few z/OS > volumes were even > > accessable from the Linux system and I could assure myself that the > > datasets on those volumes never contained any confidential > information > > that might require auditing. > > Or *might in the future contain* any auditable information. > You have to > build a lot into your deployment processes to prove due > diligence if you > operate this way. I get *particularly* nervous when we're > talking about > z/OS data. > > How can you programmatically know that a volume does or does > not contain > auditable data? You don't. That means a very precise and controlled > process for application and data deployment. > > And if the z/OS system is up and running, you have a real > opportunity for > data integrity loss. > > Alan Altmark > z/VM Development
Very correct. I would not go there. From the movie "Horse Feathers": "Whatever it is, I'm against it. No matter who conceived it or commenced it. I'm against it!" -- John McKown Senior Systems Programmer HealthMarkets Keeping the Promise of Affordable Coverage Administrative Services Group Information Technology The information contained in this e-mail message may be privileged and/or confidential. It is for intended addressee(s) only. If you are not the intended recipient, you are hereby notified that any disclosure, reproduction, distribution or other use of this communication is strictly prohibited and could, in certain circumstances, be a criminal offense. If you have received this e-mail in error, please notify the sender by reply and delete this message without copying or disclosing it. ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
