HG71: How to Audit Mainframe-Internet Connections

(4 days, 32 CPE credits, $1980)
  • Currently available for in-house sessions

Please click: Here for Registration Form

For more information on seminar dates, locations, and hotels, and how to register, please click here:
Schedule/Registration/Locations/Hotels for IS Audit Training

Most IBM mainframe installations have connected at least one MVS mainframe to the Internet.

This often happens when the head of Marketing wants to take part in e-commerce, and discovers that the mainframe is the only computer that can hold the customer master file. Later, (we hope) it becomes clear that the mainframe is the only computer that can handle the immense volume of transactions resulting from a successful marketing campaign.

Of course, this Internet connection greatly increases the risk of improper access to mainframe data. However, IBM has provided a solid security archtitecture to control this risk. This class shows auditors how the Internet connection works, how it can be secured, and how to audit the way it is implemented in your organization.

HG71: You Will Learn:

  • How the software layers work to provide structured security for USS, TCP/IP, and the Websphere web server
  • Where the control points are and how to evaluate them
  • What data to collect and how to interpret it
  • How to conduct the audit, from planning and scoping through follow-up
  • What all the related buzzwords and acronyms mean
  • How to conduct the audit rapidly and efficiently, with maximum benefit to your organization

The workbook is a valuable reference, and includes a complete audit program.

Who Should Attend HG71?

Class Outline

            Table of Contents and Class Outline: 
    HG71: How to Audit Mainframe/Internet Connections

I     Keywords and Concepts

   A.  Introduction
   B.  How Mainframe/Internet Connections Work: MVS, USS, TCP/IP, 
       and the Websphere Web Server
   C.  How the Security Works for Each Software Layer
   D.  How the Security Works for the Internet
   E.  How Firewalls Work and What to Expect from IBM's Mainframe 
   F.  Recent Mainframe Security Enhancements from IBM Including:
       Automated Intrusion Detection, Port Control, SSL, and TLS
   G.  Control Objectives
   H.  The Audit Program

II    Action Plan

   A.  Scoping, Planning, and Basic Data-Gathering
   B.  Evaluation of Basic Security for Each Software Layer
   C.  Evaluation of Firewall Security
   D.  Evaluation of How the Security Pieces Fit Together
   E.  Wrap-up, Working Papers, and Follow-Up

III   Forms and Reference

   A.  Basic Security Model
   B.  Forms to Document Software Layers and Security Options
   C.  Audit Plan
   D.  Model Documents
   E.  USS Security Details
   F.  TCP/IP Security Details
   G.  Websphere Security Details
   H.  Digital Certificate Security Details
Please note that these seminars are available for In-House Sessions.

You can save more money by learning about our seminar Discounts

Return to Top of Page         Return to Home Page

Stu Henderson offers MVS security audits, consulting, seminars, articles, and other information sharing related to information security and auditing. His consulting includes: security reviews, risk assessments, RACF implementation assistance, and Information Technology audit technical counseling.
His most popular seminars provide: RACF training, mainframe audit training including MVS and z/OS audit training. His RACF seminars include: "Effective RACF Administration", "Advanced RACF Administration", and "UNIX (USS) for RACF Administrators".
His audit seminars include: "How to Audit MVS, RACF, ACF2, TopSecret, CICS, DB2, and MQ Series Security" and the follow-on "How to Audit z/OS with USS, TCP/IP, FTP, and the Internet", as well as "How to Audit UNIX and Windows Security" and "How to Audit TCP/IP Security".
Information on class location and schedules, as well as articles, links and other useful information sharing may be found on his website at www.stuhenderson.com