the importance of mainframe security education
TRANSCRIPT
![Page 1: The Importance of Mainframe Security Education](https://reader033.vdocuments.us/reader033/viewer/2022051318/586fde9c1a28ab18428b6c61/html5/thumbnails/1.jpg)
World®’16
TheImportanceofMainframeSecurityEducationMr.SteveHosie - President,CISSP,CISM- CyberSecurity.Services
MFX173S
MAINFRAMEANDWORKLOADAUTOMATION
![Page 2: The Importance of Mainframe Security Education](https://reader033.vdocuments.us/reader033/viewer/2022051318/586fde9c1a28ab18428b6c61/html5/thumbnails/2.jpg)
2 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
©2016CA.Allrightsreserved.Alltrademarksreferencedhereinbelongtotheirrespectivecompanies.
Thecontentprovidedinthis CAWorld2016presentationisintendedforinformationalpurposesonlyanddoesnotformanytypeofwarranty. The informationprovidedbyaCApartnerand/orCAcustomerhasnotbeenreviewedforaccuracybyCA.
ForInformationalPurposesOnlyTermsofthisPresentation
![Page 3: The Importance of Mainframe Security Education](https://reader033.vdocuments.us/reader033/viewer/2022051318/586fde9c1a28ab18428b6c61/html5/thumbnails/3.jpg)
3 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
Abstract
Educationisthefoundationofeffectivemainframesecurity,andtosecurethemostmission-essentialassetsinthebusiness,mainframeteamsmustbeproperlyeducatedonthegreaterindustrystandardsandthesecurityproductstheymanage.Ifteamslacktheappropriatetraining,howdoesanyoneknowiftheirsensitivemainframedataisactuallysecure?Thissessionwilldiveintotheimportanceofmainframesecurityeducationatalllevelstoenableteamstobettersecuremainframeapplications,providewaystosimplifymainframesecuritydocumentationandsharebestpracticesforincreasingcollaborationandmainframesecurityeducation.
SteveHosieCyberSecurity.ServicesPresident,CISSP,CISM
![Page 4: The Importance of Mainframe Security Education](https://reader033.vdocuments.us/reader033/viewer/2022051318/586fde9c1a28ab18428b6c61/html5/thumbnails/4.jpg)
4 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
Agenda
VALUEFORSTAKEHOLDERS
IDENTIFYTHEWHOANDWHY
WHATLEVELOFEDUCATION- MAINFRAMELPARORAPPLICATION
THE“MISSINGLINK”
EDUCATIONLINKS
1
2
3
4
5
![Page 5: The Importance of Mainframe Security Education](https://reader033.vdocuments.us/reader033/viewer/2022051318/586fde9c1a28ab18428b6c61/html5/thumbnails/5.jpg)
5 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
ValuetoStakeholders
§ Inadequateandineffectivesecuritycontrolshaveleftindividualsandcorporationsmorevulnerabletoillegalactivitiessuchascomputerfraud,abuse,theftandtheunauthorizeddisclosure,modification,ordestructionofinformation
§ Lackoftrainingguaranteesinadequatesecuritycontrolswillbeimplementedduetosuchbasicsas“notknowinghowtoeffectivelyutilizetheMainframeSecuritytools”toprotectyourdata
![Page 6: The Importance of Mainframe Security Education](https://reader033.vdocuments.us/reader033/viewer/2022051318/586fde9c1a28ab18428b6c61/html5/thumbnails/6.jpg)
6 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
ValuetoStakeholders
§ IfyourCyberSecurityteamarenoteducatedinhowtofullyandproperlyutilizetheMainframeSecuritytools– howcanyoubeassuredyourdataisproperlyprotected?
§ AsyourCyberSecurityteam– whatarethetop10mostcriticalresources,whataccesslevelsareheldbywhomandwhenwasthelastreportreviewedforthoseresources
§ JustbecauseanAuditorfailedtoknowwheretolook,whatquestionstoask– doesthatmeanyourdataisprotected?
![Page 7: The Importance of Mainframe Security Education](https://reader033.vdocuments.us/reader033/viewer/2022051318/586fde9c1a28ab18428b6c61/html5/thumbnails/7.jpg)
7 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
ValuetoStakeholders
§ InvestingintheeducationofyourMainframeCyberSecuritystaffforproperutilizationoftheMainframeSecuritytoolsisadirectinvestmentinprotectingyourdata
![Page 8: The Importance of Mainframe Security Education](https://reader033.vdocuments.us/reader033/viewer/2022051318/586fde9c1a28ab18428b6c61/html5/thumbnails/8.jpg)
8 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
WhoAretheMainframeSecurityAdministrators
§ WhoperformsMainframeSecurity-– z/OSSystemCyberSecurityTeamMembers
§ IndividualswhoareresponsibleforCyberSecuritycontrolsoverthez/OSSystemleveland3rd partysoftwareproducts– EnsuringSecurityControlshaveproperlyandfullysecuredtheSecureMainframe
Platformbaseduponwelldocumentedz/OSSecurityStandards
– WithoutEducation,howwouldresponsibleteammembersknowhowtofullyandproperlyutilizingallsecurityproductfeaturesensuringthez/OSPlatformhasbeenproperlysecured?
z/OSSystemorApplication
![Page 9: The Importance of Mainframe Security Education](https://reader033.vdocuments.us/reader033/viewer/2022051318/586fde9c1a28ab18428b6c61/html5/thumbnails/9.jpg)
9 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
WhoAretheMainframeSecurityAdministrators
§ WhoperformsMainframeSecurity?– z/OSMainframe“Customer”ApplicationCyberSecurity
TeamMembers§ IndividualswhoareresponsibleforCyberSecuritycontrolsovertheApplicationsandactualapplicationdata(Sensitive,PII,HIPAA,PCI,etc)– WithoutpropereducationonhowtoutilizetheMainframeSecurityproductsto
protecttheactualdataandapplicationsprocessingontheMainframePlatform–isyourdataprotected?Howwouldyouknow?
– Howwouldthoseresponsibletoprotectyourdatabeabletoprovideassuranceiftheydonotknowhowtoutilizethesecurityproduct?
z/OSSystemandMainframeApplicationCyberSecurityTeams
![Page 10: The Importance of Mainframe Security Education](https://reader033.vdocuments.us/reader033/viewer/2022051318/586fde9c1a28ab18428b6c61/html5/thumbnails/10.jpg)
10 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
WhoElseShouldReceiveTraining-
§ WhoelseperformsMainframeSecurity-
– z/OSSystemlevel“HelpDesk”
– z/OSAuditors
– z/OSApplicationAuditors
![Page 11: The Importance of Mainframe Security Education](https://reader033.vdocuments.us/reader033/viewer/2022051318/586fde9c1a28ab18428b6c61/html5/thumbnails/11.jpg)
11 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
WhatLevelofTraining
§ Trainingonz/OSMainframeSecurityModelandoverviewofMainframeSecurityProducts
§ CA-ACF2,CA-AUDITOR,CACLEANUP,CATOPSECRETandothersuchz/OSMainframeSecurityproducts
– Alllevels:§ Managementofz/OSSystemTeams,§ Management/OwnersofCustomerApplications/data,§ ManagementoverthevariousMainframeCyberSecurityTeams,§ CyberSecurityteammembers- z/OSSystemlevelandApplication/datalevels
§ Auditors
z/OSSystemorApplication
![Page 12: The Importance of Mainframe Security Education](https://reader033.vdocuments.us/reader033/viewer/2022051318/586fde9c1a28ab18428b6c61/html5/thumbnails/12.jpg)
12 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
WhatLevelofTraining
§ Trainingonz/OSMainframeSecurityProductBasics–§ BasicsonhowtouseCA-ACF2,CA-AUDITOR,CACLEANUP,CATOPSECRETandothersuchz/OSMainframeSecurityproducts
– z/OSSystemProgrammers– z/OSSystemLevelCyberSecurityteammembers– z/OSApplicationCyberSecurityteammembers– HelpDesk/CustomerService– Auditors
z/OSSystemandApplicationCyberSecurityTeams,MainframeAuditors,HelpDesk
![Page 13: The Importance of Mainframe Security Education](https://reader033.vdocuments.us/reader033/viewer/2022051318/586fde9c1a28ab18428b6c61/html5/thumbnails/13.jpg)
13 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
WhatLevelofTraining
§ Trainingonz/OSMainframeSecurityProductSetupandAdvanced–
§ InDepthconfigurationsettings,advancedfundamentalsonhowtouseCA-ACF2,CA-AUDITOR,CACLEANUP,CATOPSECRETandothersuchz/OSMainframeSecurityproducts
– z/OSSystemProgrammers– z/OSSystemLevelCyberSecurityteammembers
z/OSSystemProgrammersandz/OSSystemCyberSecurityTeams
![Page 14: The Importance of Mainframe Security Education](https://reader033.vdocuments.us/reader033/viewer/2022051318/586fde9c1a28ab18428b6c61/html5/thumbnails/14.jpg)
14 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
WhatLevelofTraining
§ Trainingonhowtoreview,documentandproperlysecureCustomerApplicationsandDataonz/OSMainframes–
– CyberSecurityteammembersresponsibleforthesecuritycontrolsatthez/OSSystemlevel
– CyberSecurityteammembersresponsibleforthesecurityofthecustomerapplicationsanddatalevels
– Management/ownersofCustomerApplicationsanddata– MainframeApplicationAuditors
z/OSSystemCyberSecurityTeams,ApplicationCyberSecurityteams,Auditors
![Page 15: The Importance of Mainframe Security Education](https://reader033.vdocuments.us/reader033/viewer/2022051318/586fde9c1a28ab18428b6c61/html5/thumbnails/15.jpg)
15 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
The“MissingLink”inMainframeSecurityEducation
– MainframeApplicationLevelSecurityTrainingisoftenthe“Missinglink”.It’softenonlytrainedinthebasicsyntaxofthesecurityproduct,butnothowtoeffectivelyreviewandimplementcontrolsinrelationshiptotheApplicationordatatheyareresponsiblefor
– Applicationanddatalevelsecuritycontrols– whatcontrolsshouldbedocumented,implementedandvalidated?
– DoestheApplicationCyberSecurityteamknowhowtoeffectivelyusethesecurityproducts?
– WherecantheyobtainApplicationLevelCyberSecuritytrainingonhowtoutilizetheMainframeSecuritytoolsfortheirapplication?
TheApplicationLayer
![Page 16: The Importance of Mainframe Security Education](https://reader033.vdocuments.us/reader033/viewer/2022051318/586fde9c1a28ab18428b6c61/html5/thumbnails/16.jpg)
16 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
The“MissingLink”inMainframeSecurityEducation
– HowtoblendSecurityproductssyntaxwithappropriateapplicationofCyberSecurityConceptswithinthez/OSMainframeEnvironment.
– Command“syntax”toknowingwhichaccesscontrolsareappropriate– Knowingwhichaccessisnotappropriatetogrant– KnowingwhatarethecriticalresourcesSystemandApplication(s)– Howtomonitoraccess– Somuchmore.– Ittakesyearsoflearning,educationanddedicationtobecomea
MainframeCyberSecurityProfessional.– ~InMemoryofMichaelEsberger,MainframeSecurityProfessionaland
Educator1950– 2016.
TheApplicationLayer
![Page 17: The Importance of Mainframe Security Education](https://reader033.vdocuments.us/reader033/viewer/2022051318/586fde9c1a28ab18428b6c61/html5/thumbnails/17.jpg)
17 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
MainframeSecurityEducationLinks
– CAWorldprovidesunlimitedselfdirectedMainframeSecurityproductsviathelabsessions
– Searchhttp://www.ca.com/us/education-training.html
– AskCAtoprovidetheirselfdirectedMainframeSecurityProducttrainingviaonline(www)soyourCyberSecurityteamscanaccess
![Page 18: The Importance of Mainframe Security Education](https://reader033.vdocuments.us/reader033/viewer/2022051318/586fde9c1a28ab18428b6c61/html5/thumbnails/18.jpg)
18 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
RecommendedSessions
SESSION# TITLE DATE/TIME
SCT22S CARoadmap:PrivilegedAccessManagement 11/16/2016at4:30pm
MFX172S TheKeytoComplyingWithNewRegulationsandStandards:ComprehensiveMainframeSecurity 11/16/2016at4:30pm
MFT175S GapsinYourDefense:HackingtheMainframe 11/17/2016at3:00pm
![Page 19: The Importance of Mainframe Security Education](https://reader033.vdocuments.us/reader033/viewer/2022051318/586fde9c1a28ab18428b6c61/html5/thumbnails/19.jpg)
19 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
MainframeSecurityEducationInvestingMainframeSecurityEducationwillhelpguaranteeadequatesecuritycontrolsareproperlyimplementedbyCyberSecurityTeammembersknowinghavingobtainedtheknowledgeandunderstandingtoeffectivelyusetheMainframeSecuritytoolsinordertoensureprotectionofyourdata.
SummaryAFewWordstoReview
![Page 20: The Importance of Mainframe Security Education](https://reader033.vdocuments.us/reader033/viewer/2022051318/586fde9c1a28ab18428b6c61/html5/thumbnails/20.jpg)
20 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
Questions?
![Page 21: The Importance of Mainframe Security Education](https://reader033.vdocuments.us/reader033/viewer/2022051318/586fde9c1a28ab18428b6c61/html5/thumbnails/21.jpg)
21 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
Thankyou.
Stayconnectedatcommunities.ca.com
![Page 22: The Importance of Mainframe Security Education](https://reader033.vdocuments.us/reader033/viewer/2022051318/586fde9c1a28ab18428b6c61/html5/thumbnails/22.jpg)
22 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
MainframeandWorkloadAutomation
FormoreinformationonMainframeandWorkloadAutomation,pleasevisit:http://cainc.to/9GQ2JI