"Practical Ways to Do Things Better, and Comprehensive Reviews to Show You Where You Stand"

Archives for White Papers


The following white papers are available for your review, printing, or downloading. You may select them by clicking on the description below. They come from a variety of sources and in different formats. We hope you'll find them useful.


How to Manage Encryption on Windows, UNIX, and Mainframes
A Simple Guide for CIOs, CISOs, Security Admins, and Auditors


How to Protect Voting Machines and Registration Data From Hackers
Simple Steps to Secure Our Elections


Eleven Steps to Make Mainframe Security Audits More Effective and Efficient
Better z/OS (MVS) Security Audits


DB2 Security Features for DSOs and IS Auditors
a guide to some new and some old features


Stu Henderson’s Clear Explanation of Effective z/OS Security Auditing
a proven security audit program for mainframes with z/OS and MVS


Mainframe Security Compliance Management
What is it and how does it benefit me?


How to Secure Mainframe FTP
handout describing how FTP on the mainframe is different and how to secure it


21 Things You Didn't Use to Know About RACF, a Technical Update for Auditors
describes 21 items auditors should be familiar with in order to audit RACF security on an MVS or z/OS system


An Often Overlooked Security Hole in Enterprise Extender and Mainframe Networks
describes potential security hole with Enterprise Extender


Enterprise Extender Security
describes Enterprise Extender and Related Security Risks


Full Tape Security from Security Software and Tape Mgt. Software)
describes how to get full security for tape datasets by using both security software and tape management software


How to Break Into z/OS Systems (PDF Handout from a Presentation)
describes techniques for breaking into MVS (z/OS) systems and how to protect against them


How to Break Into z/OS Systems Through USS, TCP/IP, and the Internet (PDF Handout from a Presentation)
describes techniques for breaking into MVS (z/OS) systems through USS, TCP/IP and the Internet and how to protect against them


Interpreting Output from the RACF SETR LIST Command
explains the output from this command and recommends how you might want to set its options


Interpreting Output from the RACF DSMON Utility
explains the 11 reports provided by this utility and recommends how you might want to set its option for your organization.


The SERVAUTH Resource Class
describes the SERVAUTH resource class in RACF (IBM's security software for mainframe computers), which is used to control connections to TCP/IP networks.


How to Write a Security Policy
shows you practical considerations for writing a computer security policy for your organization.


Trends in MVS Security
shows you the security history and trends in the MVS operating system and helps you to project from them.


Audit Report Guidelines
describes guidelines for auditors to consider to make their reports more effective.


OTHER INFO SOURCES
provides links to more free useful information sources.


Return to Top of Page         Return to Home Page