How to Audit RACF: IT Audit Training and RACF Audit Training from the Henderson Group

Information Security Training
from the Henderson Group

This page is:
AUDIT TRAINING: HG74: RACF

Quick Links:

HOME PAGE

CONTACT US

INFOSEC TRAINING

HG04: Effective RACF

HG05: Advanced RACF

HG06: UNIX FOR RACF ADMINS

HG17: Comprehensive
z/OS Security

Seminar Schedule/
Registration/
Locations/Hotels
-Clearwater, FL

IT AUDIT TRAINING

HG62:Comprehensive Information Systems Auditing with Case Studies

HG63:How to Audit Windows, UNIX, and TCP/IP Security

HG64:How to Audit MVS, RACF, ACF2, CICS, and DB2 Security

HG73: How to Audit CICS

HG74:How to Audit RACF

HG75: How to Audit MVS

Seminar Schedule/
Registration/
Locations
-Clearwater, FL

NEWSLETTERS AND USER GROUPS

ARTICLES

PRIVACY STATEMENT

ABOUT US

OTHER INFO SOURCES

HG74: How to Audit RACF

(2 or 3 Days, 16 or 24 CPE Credits)

This class is currently not scheduled. It can be presented in-house or to ISACA chapters. You may want to consider HG64 which has similar material combined with other topics.
This class shows you how to audit RACF (Resource Access Control Facility), the most widely used information security software for IBM mainframe computers. (RACF is part of IBM's Secureway Security Server line of products.)
You will learn in clear, simple terms how RACF provides information security for MVS, OS/390, and z/OS, including security for CICS, USS (UNIX under MVS), TCP/IP, and the Websphere Internet Server. The class provides a structured approach to auditing any RACF implementation quickly, easily, and effectively.
You will learn:

What RACF is and How to Audit it
How RACF Relates to Other System Software
Where the control points are and how to evaluate them
The Two Key Printouts to Evaluate a RACF Implementation
What data to collect and how to interpret it
How to conduct the audit, from planning and scoping through follow-up
What all the related buzzwords and acronyms mean
How to conduct the audit rapidly and efficiently, with maximum benefit to your organization
The workbook is a valuable reference, and includes a complete audit program.
For more information on seminar dates, locations, and hotels, and how to register, please click here:
Schedule/Registration/Locations/Hotels

To learn more about this seminar, including the Class Outline, please scroll down.

Return to Top of Page

Return to Home Page

Who Should Attend HG74?

Information Techology auditors who will be auditing cross-platform applications
Financial auditors who want to learn more about IT auditing

Please note that you can save money by holding these classes in-house. Call Stu at (301) 229-7187 for details.
Note also the classes we offer for Information Security Training, as listed on the left under QUICK LINKS.
Return to Top of Page

Return to Home Page

"Mr. Henderson is an outstanding teacher." ---Ray Mosher, FDC
"The class is great, but be prepared to take in a lot of information."
---Cindy Harrison, The Sabre Group

Table of Contents and Class Outline: HG74: How to Audit RACF Page I Concepts and Keywords 3 A. Introduction 3 A Working Example 7 Audit Rules 8 B. How Information Security Works -- Two Aspects 21 C. How RACF Security Works -- the Details 23 D. The Two-by-five Audit Approach: 42 E. The Big 5 Questions 43 F. Data Sources and Tools 64 G. Control Objectives 67 H. The Audit Program 68 II. Action Plan 70 Scoping, Planning and Basic Data Gathering 71 The Five-Step Audit Program 76 A. Access to the System 76 B. Access to Data 92 C. Access to Resources 108 D. Authority to Change Rules 123 E. Separation of Authority 137 Wrap-up, Working Papers, and Follow-Up 148 III Forms and Reference 151 A. Basic Security Model 152 B. Forms to Summarize RACF Implementation 157 C. Audit Plan 173 D. Model Documents 183 E. RACF Fundamentals 195 F. SMF Data and the RACFRW 200 G. RACF Database Unload Utility Guide 214 H. RACF Audit Checklist 219 I. SETR LIST Guide 228 J. DSMON Guide 247 INDEX 273

Return to Top of Page

Return to Home Page