HG70: How to Audit Cross-Platform Applications

(2 Days, 16 CPE Credits; $820)

Please click: Here for Registration Form

For more information on seminar dates, locations, and hotels, and how to register, please click here:
Schedule/Registration/Locations/Hotels for IS Audit Training

This class shows you how to audit the protection of an application's data when the data is kept on a mainframe computer connected to other platforms (that is, other models of computer such as UNIX, WIndows, Novell, and others).

You will learn how to identify all the platforms involved and the network connections between them. Even if you aren't familiar with all the platforms, you will learn a straight-forward, simple approach to collect and analyze information on the security of each platform, and on the security of the entire cross-platform architecture. You will then learn how to audit the protection over your application's data in the light of these findings.

HG70: You Will Learn:

  • How to determine what platforms are involved and how they are connected
  • How the underlying hardware and software work
  • Where the control points are and how to evaluate them
  • What data to collect and how to interpret it
  • How to conduct the audit, from planning and scoping through follow-up
  • What all the related buzzwords and acronyms mean
  • How to conduct the audit rapidly and efficiently, with maximum benefit to your organization

The workbook is a valuable reference and includes a complete audit program.

Who Should Attend HG70?

Class Outline

                   Table of Contents and Class Outline:
                HG70: How to Audit Cross-Platform Applications

I     Keywords and Concepts

   A.  Introduction
   B.  How Common Security Concepts are Reflected on Different Platforms
   C.  How Connecting Different Platforms Affects Security
   D.  What to Do If You Aren't Familiar with a Given Platform
   E.  Control Objectives
   F.  The Audit Program

II    Action Plan

   A.  Scoping, Planning, and Basic Data-Gathering
   B.  Evaluation of Each Platform's User Identification
   C.  Evaluation of Each Platform's Data Protection
   D.  Evaluation of Connection Security
   E.  Evaluation of the Protection for the Application's Data on All 
   F.  Wrap-up, Working Papers, Follow-up

III   Forms and Reference

   A.  Basic Security Model
   B.  Forms to Document Platforms and Links Between Them
   C.  Audit Plan
   D.  Model Documents
   E.  Security Details for Various Platforms
                UNIX Security Details
                Windows NT and Windows/2000 Security Details
                MVS with RACF Security Details
                MVS with ACF2 Security Details
                MVS with TopSecret Details
                CICS Security Details
                MQ Series Security Details
                DB2 Security Details
                TCP/IP Security Details


Please note that these seminars are available for In-House Sessions.

You can save more money by learning about our seminar Discounts

Return to Top of Page         Return to Home Page

Stu Henderson offers MVS security audits, consulting, seminars, articles, and other information sharing related to information security and auditing. His consulting includes: security reviews, risk assessments, RACF implementation assistance, and Information Technology audit technical counseling.
His most popular seminars provide: RACF training, mainframe audit training including MVS and z/OS audit training. His RACF seminars include: "Effective RACF Administration", "Advanced RACF Administration", and "UNIX (USS) for RACF Administrators".
His audit seminars include: "How to Audit MVS, RACF, ACF2, TopSecret, CICS, DB2, and MQ Series Security" and the follow-on "How to Audit z/OS with USS, TCP/IP, FTP, and the Internet"
Information on class location and schedules, as well as articles, links and other useful information sharing may be found on his website at www.stuhenderson.com