Information Security Training
from the Henderson Group 		This page is:
AUDIT TRAINING: HG71: Mainframe/Internet

Quick Links:

HOME PAGE

CONTACT US

INFOSEC TRAINING

IT AUDIT TRAINING

NEWSLETTERS AND USER GROUPS

ARTICLES PRIVACY STATEMENT

ABOUT US

OTHER INFO SOURCES


HG71: How to Audit Mainframe/Internet Connections (Websphere)


(2 Days, 16 CPE Credits; $820)


  • Currently available for in-house sessions
Most IBM mainframe installations have connected at least one MVS mainframe to the Internet. This often happens when the head of Marketing wants to take part in e-commerce, and discovers that the mainframe is the only computer that can hold the customer master file. Later, (we hope) it becomes clear that the mainframe is the only computer that can handle the immense volume of transactions resulting from a successful marketing campaign.

Of course, this Internet connection greatly increases the risk of improper access to mainframe data. However, IBM has provided a solid security archtitecture to control this risk. This class shows auditors how the Internet connection works, how it can be secured, and how to audit the way it is implemented in your organization.

You will learn:

  • How the software layers work to provide structured security for USS, TCP/IP, and the Websphere web server
  • Where the control points are and how to evaluate them
  • What data to collect and how to interpret it
  • How to conduct the audit, from planning and scoping through follow-up
  • What all the related buzzwords and acronyms mean
  • How to conduct the audit rapidly and efficiently, with maximum benefit to your organization
The workbook is a valuable reference, and includes a complete audit program.

For more information on seminar dates, locations, and hotels, and how to register, please click here:
Schedule/Registration/Locations/Hotels


Return to Top of Page

Return to Home Page

Who Should Attend HG71?

  • Information Techology auditors who will be auditing mainframe/Internet connections
  • Financial auditors who want to learn more about IT auditing and Internet security

Please note that you can save money by holding these classes in-house. Call Stu at (301) 229-7187 for details.

Note also the classes we offer for Information Security Training, as listed on the left under QUICK LINKS.
Return to Top of Page

Return to Home Page



"Very comprehensive. Stu does a great job of tailoring the class to the audience." ---Gary Puhl, AT&T

"Stu helped me understand how to put a very technical topic into business terms, so I can convey weaknesses to management in terminology they will find valuable."
---Douglas Porta, Coopers& Lybrand 

            Table of Contents and Class Outline: 
    HG71: How to Audit Mainframe/Internet Connections

I     Keywords and Concepts

   A.  Introduction
   B.  How Mainframe/Internet Connections Work: MVS, USS, TCP/IP, 
       and the Websphere Web Server
   C.  How the Security Works for Each Software Layer
   D.  How the Security Works for the Internet
   E.  How Firewalls Work and What to Expect from IBM's Mainframe 
       Firewall 
   F.  Recent Mainframe Security Enhancements from IBM Including:
       Automated Intrusion Detection, Port Control, SSL, and TLS
   G.  Control Objectives
   H.  The Audit Program


II    Action Plan

   A.  Scoping, Planning, and Basic Data-Gathering
   B.  Evaluation of Basic Security for Each Software Layer
   C.  Evaluation of Firewall Security
   D.  Evaluation of How the Security Pieces Fit Together
   E.  Wrap-up, Working Papers, and Follow-Up


III   Forms and Reference

   A.  Basic Security Model
   B.  Forms to Document Software Layers and Security Options
   C.  Audit Plan
   D.  Model Documents
   E.  USS Security Details
   F.  TCP/IP Security Details
   G.  Websphere Security Details
   H.  Digital Certificate Security Details
 
INDEX

Return to Top of Page

Return to Home Page