Implementation of RBAC and Data Classification onto a Mainframe system
Steve Tresadern
Rui Miguel Feio
RSM Partners
September 2014
v1.5
Agenda
l  Introductions
l  Data Classification & Ownership
l  Role-Based Access Control (RBAC)
l  Maintain the environment
l  Results
l  Q&A
Who are we?
l  Steve Tresadern
l  27 years mainframe experience
l  Former z/OS Systems Programmer
l  Experience in Cryptography, RACF, Compliance
l  Rui Miguel Feio
l  15 years mainframe experience
l  Experience in z/OS, RACF, zSecure, Development
l  Last 4 years working in Security and implementing RBAC
DATA CLASSIFICATION & OWNERSHIP
Data Classification – What is it?
l  Understanding what your data is
Credit Card
11%
Sarbanes Oxley
36%
Customer -
Confidential
16%
Development
23%
User
14%
Data Classification – What is it?
l  Who owns your data
Credit
Card
7%
Insurance
22%
HR
13%
Branch
27%
Systems
9%
Development
14%
User
8%
Data Classification – Reasons to do it
l  Audit requirements
l  Compliance
l  Who has privileged access?
l  Who is accessing confidential information?
l  Reduce the risk of fraud?
Data Classification – Aims
l  Every dataset and resource profile must be;
l  Classified in terms of confidentiality and integrity.
l  All linked to an application.
l  The basic security correctly defined
l  Understand who has privileged access
l  All applications have a business/data owner.
l  Ideally they should approve all access
l  Review who has access
Sources for Data Classification
Sources (diagram): RACF database, naming standards, Access Monitor, support teams, local knowledge, XBridge Datasniff
Sources for Data Ownership
Sources (diagram): RACF database, service management, support teams, service database, local knowledge
Data Classification – Challenges
l  Lack of knowledge in support teams
l  Development Team Processes
l  Business areas cooperation
l  Non-RACF based security
l  Unravelling of the environment
l  Service Database – Up to date?
Data Classification Benefits
Benefits (diagram): reduced risk of fraud; who has privileged access; focused monitoring; recertification; audit; compliance
ROLE-BASED ACCESS CONTROL (RBAC)
RBAC – Reasons to do it
l  Business organisation keeps changing
l  Managing the mainframe security environment
l  Audit requirements
l  Compliance
l  Recertification
l  Remove access not required
RBAC Common Challenges - I
l  Historical code
l  Global Access Table (GAT)
l  Lack of technical knowledge
l  Business areas cooperation
l  Least Privilege access implementation
l  DB2
RBAC Common Challenges - II
l  Recertification tools
l  Unravelling of the RBAC
RBAC – Define Standards and Rules
• A personal userid is connected to one role group
• The role group describes the business role
• The role group contains all the access
• All role groups will have an 'owner'
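The four rules above are simple enough to check on every RACF extract, and the mechanical part of the clean-up can be turned straight into commands. The script below is an added example (not the deck's and not RSM's RBAC tool) over a constructed, simplified snapshot rather than the IRRDBU00 unload layout; it assumes role groups follow a naming standard (here the prefix R#), that batch and started-task ids listed in NON_PERSONAL are exempt from the one-role rule, and that a role group's installation DATA field starts with "Role:" when it describes the business role.

```python
ROLE_PREFIX = "R#"             # assumption: naming standard for role groups

# Constructed snapshot (not the IRRDBU00 unload layout).
GROUPS = {                     # group -> (owner, installation data)
    "R#PAYCLK": ("PAYOWN", "Role: payroll clerk"),
    "R#PAYSUP": ("PAYOWN", "Role: payroll supervisor"),
    "R#DEVTST": ("", ""),                          # no owner, no description
    "DEPTFIN":  ("SYS1", "Finance department"),    # departmental group, not a role
}
CONNECTS = {                   # userid -> groups the userid is connected to
    "JSMITH":   ["DEPTFIN", "R#PAYCLK"],
    "AJONES":   ["DEPTFIN", "R#PAYCLK", "R#PAYSUP"],   # two role groups
    "BLEE":     ["DEPTFIN"],                           # no role group
    "PAYBATCH": ["R#PAYCLK"],
}
NON_PERSONAL = {"PAYBATCH"}    # assumption: batch/STC ids are exempt from the one-role rule
ACLS = {                       # DATASET profile -> {id on the access list: access}
    "PAY.PROD.**": {"R#PAYCLK": "READ", "R#PAYSUP": "UPDATE", "AJONES": "ALTER"},
    "PAY.TEST.**": {"R#DEVTST": "UPDATE"},
}


def is_role_group(name):
    return name.startswith(ROLE_PREFIX)


def check_rules(groups=GROUPS, connects=CONNECTS, acls=ACLS, non_personal=NON_PERSONAL):
    """Return sorted (rule, subject, detail) violations of the four RBAC rules."""
    violations = []
    # Rule 1: a personal userid is connected to exactly one role group.
    for user, user_groups in connects.items():
        if user in non_personal:
            continue
        roles = sorted(g for g in user_groups if is_role_group(g))
        if len(roles) != 1:
            violations.append((1, user, ",".join(roles) or "none"))
    # Rules 2 and 4: every role group describes a business role and has an owner.
    for group, (owner, data) in groups.items():
        if not is_role_group(group):
            continue
        if not data.startswith("Role:"):
            violations.append((2, group, "no Role: description"))
        if not owner:
            violations.append((4, group, "no owner"))
    # Rule 3: the role group holds all the access, so an access list must name
    # role groups only; a userid (or departmental group) there is access that
    # no role review will ever see.
    for profile, acl in acls.items():
        for ident in acl:
            if not is_role_group(ident):
                violations.append((3, profile, ident))
    return sorted(violations)


def remediation(violations):
    """Split violations into RACF commands for the mechanical fix (rule 3) and
    items that need a business decision (which role, which owner, what description)."""
    commands, review = [], []
    for rule, subject, detail in violations:
        if rule == 3:
            commands.append(f"PERMIT '{subject}' CLASS(DATASET) ID({detail}) DELETE")
        else:
            review.append(f"rule {rule}: {subject} ({detail})")
    if commands:   # generic profiles were changed: refresh the in-storage copies
        commands.append("SETROPTS GENERIC(DATASET) REFRESH")
    return commands, review


if __name__ == "__main__":
    found = check_rules()
    commands, review = remediation(found)
    print("\n".join(commands + review))
```

The generated PERMIT ... DELETE for AJONES drops that userid from ALTER to whatever its role groups give (READ via R#PAYCLK, UPDATE via R#PAYSUP), which is the intended least-privilege outcome but is exactly the kind of change the role owner should approve before the commands are run; in a real migration the command deck would be tested with RACF Offline first, as the tools slide later suggests.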
RBAC - Sources of data
Sources (diagram): HR data, RACF, business org. chart, phone list, global address list, local knowledge, Access Monitor
RBAC Stages – An overview
1. Analyse and prepare mainframe environment
2. Identify logical grouping
3. Engage with managers and users
4. Devise RBAC implementation plan
5. Test RBAC implementation
6. Implement RBAC
7. Update/develop processes
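The "identify logical grouping" stage is where the sources from the previous slide meet: HR data says what a person's job is, Access Monitor data says what they actually touch. The script below is an added example, not the deck's method or RSM's tool, of one way to do that step: it groups users by (department, job title) from a constructed HR extract, derives each group's core access from constructed Access Monitor style usage records, and then lists per user the access used that the candidate role would not give and the access held but never used. The CORE_FRACTION threshold and the data are assumptions for the example.

```python
from collections import defaultdict

ACCESS_ORDER = ["NONE", "EXECUTE", "READ", "UPDATE", "CONTROL", "ALTER"]
CORE_FRACTION = 0.5   # assumption: access used by at least half of a group goes into the role

# Constructed HR extract: userid -> (department, job title)
HR = {
    "JSMITH":  ("Payroll", "Clerk"),
    "AJONES":  ("Payroll", "Clerk"),
    "CNGUYEN": ("Payroll", "Clerk"),
    "DPATEL":  ("Payroll", "Supervisor"),
    "BLEE":    ("Branch",  "Teller"),
}
# Constructed Access Monitor style records: (userid, profile, access actually used)
USED = [
    ("JSMITH", "PAY.PROD.**", "READ"),   ("JSMITH", "PAY.RATES.**", "READ"),
    ("AJONES", "PAY.PROD.**", "READ"),   ("AJONES", "PAY.RATES.**", "READ"),
    ("AJONES", "HR.SALARY.**", "READ"),
    ("CNGUYEN", "PAY.PROD.**", "READ"),  ("CNGUYEN", "PAY.RATES.**", "READ"),
    ("DPATEL", "PAY.PROD.**", "UPDATE"), ("DPATEL", "PAY.RATES.**", "READ"),
    ("DPATEL", "PAY.APPROVE.**", "UPDATE"),
    ("BLEE", "BRANCH.TXN.**", "UPDATE"),
]
# Constructed current (pre-RBAC) user-level permits: userid -> {profile: access held}
HELD = {
    "JSMITH":  {"PAY.PROD.**": "READ", "PAY.RATES.**": "READ", "PAY.HIST.**": "ALTER"},
    "AJONES":  {"PAY.PROD.**": "READ", "PAY.RATES.**": "READ", "HR.SALARY.**": "READ"},
    "CNGUYEN": {"PAY.PROD.**": "READ", "PAY.RATES.**": "READ"},
    "DPATEL":  {"PAY.PROD.**": "UPDATE", "PAY.RATES.**": "READ", "PAY.APPROVE.**": "UPDATE"},
    "BLEE":    {"BRANCH.TXN.**": "UPDATE", "PAY.PROD.**": "READ"},  # left over from an earlier job
}


def rank(access):
    return ACCESS_ORDER.index(access)


def candidate_roles(hr=HR, used=USED, core_fraction=CORE_FRACTION):
    """Group users by (department, job title) and derive each group's core access
    from what its members actually used. Returns (roles, per-user usage)."""
    members = defaultdict(set)
    for user, (dept, title) in hr.items():
        members[f"{dept}/{title}"].add(user)
    usage = defaultdict(dict)          # user -> {profile: highest access used}
    for user, profile, access in used:
        if rank(access) > rank(usage[user].get(profile, "NONE")):
            usage[user][profile] = access
    roles = {}
    for role, users in members.items():
        count, level = defaultdict(int), defaultdict(lambda: "NONE")
        for user in users:
            for profile, access in usage[user].items():
                count[profile] += 1
                if rank(access) > rank(level[profile]):
                    level[profile] = access      # highest level any member needed
        roles[role] = {p: level[p] for p in sorted(count)
                       if count[p] / len(users) >= core_fraction}
    return roles, usage


def exceptions(roles, usage, hr=HR, held=HELD):
    """Per user: used access the role would not give (needs its own role or the
    owner's approval) and held access above what was used (candidate for removal)."""
    out = {}
    for user, (dept, title) in hr.items():
        role = roles[f"{dept}/{title}"]
        used = usage.get(user, {})
        unexplained = {p: a for p, a in used.items() if rank(a) > rank(role.get(p, "NONE"))}
        excess = {p: a for p, a in held.get(user, {}).items()
                  if rank(a) > rank(used.get(p, "NONE"))}
        if unexplained or excess:
            out[user] = {"unexplained": unexplained, "excess": excess}
    return out


if __name__ == "__main__":
    roles, usage = candidate_roles()
    for role, access in roles.items():
        print(role, access)
    print(exceptions(roles, usage))
```

The threshold is the design decision here: set it too low and every one-off access gets absorbed into a role, set it too high and most users become exceptions. The "unexplained" items are what goes to the data owner for approval or a further role split (the "engage with managers and users" stage), and the "excess" items are the "remove access not required" list from the reasons slide. Taking the highest level any member used means a clerk who once needed UPDATE lifts the whole role to UPDATE, so diverging levels inside a group are themselves a sign the group should be split.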
RBAC Implementation Tools
l  RSM RBAC tool
l  RSM DB2 RBAC Tools
l  Access Monitor data
l  RACF Offline
l  CARLa code
RBAC Benefits – Some examples
Benefits (diagram): reduced risk of fraud; security management; joiners, movers, leavers; recertification; audit; monitor; who is who, who does what; least privilege access
MAINTAINING THE ENVIRONMENT
Tools – Maintain the environment
l  In-House – Security Panels
l  IBM zSecure Command Verifier
l  IBM zSecure z/Alert
l  RSM - zMonitor
l  RSM – zDashboard
Tools – RSM zMonitor
Tools – RSM zDashboard
RESULTS
Reduction in Privileged Accesses (bar chart): Before 737,468, After 73,669 (down 90%)
Reduction in Privileged Users (bar chart): Before 12,949, After 4,347 (down 66%)
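Two different things are being counted in those charts, and it matters how. "Privileged accesses" is a count of access-list entries, which falls almost automatically when one role-group entry replaces hundreds of userid entries; "privileged users" only means something if it is computed on effective access, expanding group connections and taking UACC into account, otherwise moving permits from userids to groups would make users look less privileged when nothing changed. The script below is an added example (not the deck's figures or RSM's zDashboard) that computes both on constructed before and after snapshots; it assumes UPDATE or higher counts as privileged, that SETROPTS GRPLIST is active, and leaves out ID(*) entries and WARNING mode, both of which a real report must also include.

```python
ACCESS_ORDER = ["NONE", "EXECUTE", "READ", "UPDATE", "CONTROL", "ALTER"]
PRIVILEGED = "UPDATE"   # assumption: UPDATE or higher counts as privileged access


def rank(access):
    return ACCESS_ORDER.index(access)


def is_privileged(access):
    return rank(access) >= rank(PRIVILEGED)


# Constructed snapshots (not the IRRDBU00 layout). "connects" lists every userid in scope.
BEFORE = {
    "profiles": {
        "PAY.PROD.**": {"uacc": "NONE", "acl": {"JSMITH": "UPDATE", "AJONES": "ALTER",
                                                "CNGUYEN": "READ", "DPATEL": "UPDATE"}},
        "PAY.HIST.**": {"uacc": "UPDATE", "acl": {}},   # open to everyone through UACC
    },
    "connects": {"JSMITH": ["DEPTFIN"], "AJONES": ["DEPTFIN"], "CNGUYEN": ["DEPTFIN"],
                 "DPATEL": ["DEPTFIN"], "BLEE": ["DEPTBR"]},
}
AFTER = {
    "profiles": {
        "PAY.PROD.**": {"uacc": "NONE", "acl": {"R#PAYCLK": "READ", "R#PAYSUP": "UPDATE"}},
        "PAY.HIST.**": {"uacc": "NONE", "acl": {"R#PAYSUP": "READ"}},
    },
    "connects": {"JSMITH": ["DEPTFIN", "R#PAYCLK"], "AJONES": ["DEPTFIN", "R#PAYCLK"],
                 "CNGUYEN": ["DEPTFIN", "R#PAYCLK"], "DPATEL": ["DEPTFIN", "R#PAYSUP"],
                 "BLEE": ["DEPTBR", "R#BRTELL"]},
}


def effective_access(snapshot, user, profile):
    """RACF's order of precedence, assuming SETROPTS GRPLIST is active: an entry
    for the userid itself wins outright, otherwise the highest entry among the
    user's connect groups, otherwise the profile's UACC."""
    prof = snapshot["profiles"][profile]
    acl = prof["acl"]
    if user in acl:
        return acl[user]
    via_groups = [acl[g] for g in snapshot["connects"].get(user, []) if g in acl]
    if via_groups:
        return max(via_groups, key=rank)
    return prof["uacc"]


def privileged_accesses(snapshot):
    """Access-list entries at or above the privileged level (the 'accesses' figure)."""
    return sum(1 for prof in snapshot["profiles"].values()
               for access in prof["acl"].values() if is_privileged(access))


def privileged_users(snapshot):
    """Userids whose effective access on any profile is privileged (the 'users' figure)."""
    return sorted(user for user in snapshot["connects"]
                  if any(is_privileged(effective_access(snapshot, user, p))
                         for p in snapshot["profiles"]))


if __name__ == "__main__":
    for label, snapshot in (("Before", BEFORE), ("After", AFTER)):
        print(label, privileged_accesses(snapshot), privileged_users(snapshot))
```

In the constructed data the entry count drops from 3 to 1 and the user count from 5 to 1, but note why every user is privileged before: PAY.HIST.** has UACC(UPDATE), so nobody needs an access-list entry at all. Fixing UACC is part of the "basic security correctly defined" aim from the classification slides, and a privileged-user figure that ignores UACC would have reported 3 rather than 5.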
Questions
Contact Details
l  Rui Miguel Feio - ruif@rsmpartners.com
l  Steve Tresadern - stevet@rsmpartners.com
l  RSM Partners - www.rsmpartners.com
