On Wed, 5 Sep 2012 10:50:25 -0500, Greg Dorner gdor...@wpsic.com wrote:
Will you pass these 'rants and expletives' to these auditors? :-D
I will be passing them on to my manager. We are talking Federal auditors and
billion dollar government contracts, so, no, I won't be telling the auditors
MEAS is a product that can monitor SMP and file activity and alert when
something happens.
For more information see http://www.infosecinc.com/meas.php.
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send
Man, the auditors came up with a new one!
Gap noted. Automated controls to prevent the installation of unapproved
software were not documented.
So I have been assigned the task of researching how to provide Automated
controls to prevent the installation of unapproved software.
I'm hoping
W dniu 2012-09-05 14:21, Greg Dorner pisze:
Man, the auditors came up with a new one!
Gap noted. Automated controls to prevent the installation of
unapproved software were not documented.
So I have been assigned the task of researching how to provide
Automated controls to prevent the
What about IP liability concerns?
On Sep 5, 2012, at 06:47, R.S. wrote:
W dniu 2012-09-05 14:21, Greg Dorner pisze:
Man, the auditors came up with a new one!
Gap noted. Automated controls to prevent the installation of
unapproved software were not documented.
1. The requirement is plain
the installation of unapproved software
Man, the auditors came up with a new one!
Gap noted. Automated controls to prevent the installation of unapproved
software were not documented.
So I have been assigned the task of researching how to provide Automated
controls to prevent the installation
W dniu 2012-09-05 15:16, Paul Gilmartin pisze:
There's a genuine IP concern here. An employee might bring in from
a former employer an SD RAM with a TSO TRANSMIT unloaded library
containing a licensed program product, not licensed at the new
site and expose the new employer to significant
On Sep 5, 2012, at 8:16 AM, Paul Gilmartin paulgboul...@aim.com wrote:
Perhaps the auditor
should require that use of AMASPZAP be restricted.
We've restricted AMASPZAP since before I started working for the University.
We had a fun auditor request the other day. As a result of one request,
I strongly encourage programmers to write 'throwaway' programs that
investigate the files associated with a system. The idea is to obtain
answers to such questions as
o How many As? How many Bs?
o More Ds than Es after controlling for Cs?
that characterize the objects being manipulated by a
Is this application software developed in house? ISV updates? What? Check
out ISPW or SysChange tools.
Mitch McCluhan
-Original Message-
From: Greg Dorner gdor...@wpsic.com
To: IBM-MAIN IBM-MAIN@LISTSERV.UA.EDU
Sent: Wed, Sep 5, 2012 5:21 am
Subject: Preventing the installation
I *HATE* checklist auditors. This sounds like a WINTEL based checklist
It does indeed sound like the auditor is applying Wintel security principles
to a mainframe system.
The right questions to ask re mainframe security are:
(1) Are the users properly authenticated?
(2) Is the data properly
On Wed, 5 Sep 2012 13:51:24 +, Pew, Curtis G wrote:
We've restricted AMASPZAP since before I started working for the University.
Seriously.
-- gil
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send
Greg Dorner wrote:
Man, the auditors came up with a new one!
Gap noted. Automated controls to prevent the installation of unapproved
software were not documented.
DANGER! ALARM! EVACUATE! START DRP! GAP NOTED IN AUDITORS BRAIN CELLS! ;-D
After reading all those threads: I have one request
Radoslaw Skorupka wrote:
BTW: What about pedophile porn pictures and movies? How can we control it?
Maybe your cow-worker keeps some of these pictures as members of
JSMITH.COBOL.VAR.OBJECT library?
Ahem, how did you know that dataset and its contents? ;-D
hm. ;-D
No, I'm just joking,
Will you pass these 'rants and expletives' to these auditors? :-D
I will be passing them on to my manager. We are talking Federal auditors and
billion dollar government contracts, so, no, I won't be telling the auditors
anything. I let management (who are trained not to put their foot in their
:Re: Preventing the installation of unapproved software
Sent by:IBM Mainframe Discussion List IBM-MAIN@LISTSERV.UA.EDU
Will you pass these 'rants and expletives' to these auditors? :-D
I will be passing them on to my manager. We are talking Federal auditors
and billion dollar
On Wed, 5 Sep 2012 16:59:16 +0100, haralder haralder wrote:
We explained our auditor that the software instalation tool in z/OS is
SMP/E, which is protected by the GIM.* profile in the FACILITY class
in our RACF. We printed the accesses for that profile and they were
satisfied enough after we
, 2012 11:37 AM
Subject: Re: Preventing the installation of unapproved software
Greg DornerĀ wrote:
Man, the auditors came up with a new one!
Gap noted. Automated controls to prevent the installation of unapproved
software were not documented.
DANGER! ALARM! EVACUATE! START DRP! GAP NOTED
Any thoughts? I also accept rants and expletives.
-- ok, here's a rant for you:
auditors: their only function in life is to show up on the battlefield after
the battle, and shoot the wounded.
/s/ tuco bonno;
Graduate, College of Conflict Management;
University of SouthEast Asia;
W dniu 2012-09-05 17:50, Elardus Engelbrecht pisze:
Radoslaw Skorupka wrote:
BTW: What about pedophile porn pictures and movies? How can we control it?
Maybe your cow-worker keeps some of these pictures as members of
JSMITH.COBOL.VAR.OBJECT library?
Ahem, how did you know that dataset and
In 50475f32.9050...@acm.org, on 09/05/2012
at 09:18 AM, Joel C. Ewing jcew...@acm.org said:
and this is the only
locally produced documentation that makes sense on z/OS,
While the auditors in question may be stark raving bonkers, there is
other relevant documentation; change control
enough.
-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf
Of Greg Dorner
Sent: Wednesday, September 05, 2012 5:22 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Preventing the installation of unapproved software
Man, the auditors came up
22 matches
Mail list logo