Dear Jim ~ response #4,

Response #3 spoke about the half-dozen OS/400 vulnerabilities that were most surprising to a panel of seasoned BPCS technical experts.

Other OS/400 security issues will certainly invoke SOX audit scrutiny and our new product Bill of Health looks for each of them. The product runs a fine tooth comb through every conceivable OS/400 security issue and provides a written report on vulnerabilities, the implications of those vulnerabilities, and a prescription to mitigate discovered risks.

This navigation page:
http://www.unbeatenpathintl.com/BOH-Benefits/source/1.html
is hooked to dozens of OS/400 security discussions composed for a non-technical audience. Here's a sampling of topic titles:

>> Can a trigger program be a Trojan horse?
>> Egyptian stop and go lights
>> Password sunsets
>> Dead-man switch
>> Abracadabra: using another person's profile without his/her password
>> Minding your Ps and Queues
>> Writing your own hall pass
>> Making a list and checking it twice
>> To Tell the Truth: will the real user profile please stand up?
>> Illegitimate exposure

For those of you who are both technically oriented and courageous, here's a 40 page .pdf download.
http://www.unbeatenpathintl.com/sampledeliverable.pdf
It's a sample report printed by our Bill of Health product.

Please see these subsequent responses for BPCS/SOX topics:

#5 ~~ information about a much more SOX-friendly idea than BPCS' clunky SYS600 security system.

#6 ~~ learn how the PCAOB interpretation of SOX compels external auditors to look at the details of each BPCS business process to identify internal control deficits and the consequent BPCS data integrity issues.

#7 ~~ information about our award-winning Stitch-in-Time (tm) Data Integrity software that enables you to respond to SOX auditor inquiries about the integrity of DB2 information.

#8 ~~ introduction to several other clever and affordable Stocking Stuffers (tm) for SOX products designed to help enterprises prepare for Sarbanes-Oxley.

God bless,

Milt Habeck
Unbeaten Path International
Toll free North America: (888) 874-8008
International voice: (262) 681-3151
European contact: (44) 1-737-824248
mhabeck@xxxxxxxxxx
www.unbeatenpathintl.com

++++++++ +++++++ +++++++ +++++++ +++++++ +++++

From: Reinardy, James
To: bpcs-l@xxxxxxxxxxxx
Sent: Wednesday, June 09, 2004 3:17 PM
Subject: DB2 Users

Hello All,

We are running BPCS 6.04 on iSeries. I am trying to understand the relationship between iSeries users, BPCS users and DB2 file access. The concern is arising because of Sarbanes-Oxley. Our auditors are suggesting that we need to lock down file privileges against the BPCS database, but we are a little unclear about what user BPCS uses for data access against DB2. Is it the individual user that is logged into BPCS, that user with a changed profile (SSA perhaps vs. *PUBLIC), or some other generic user?

The idea here is to restrict access on a file by file basis for AS400Query, SQL queries, ODBC connections, etc. However, we want to be sure if we lock things down that we don't break BPCS screens and batch jobs. Any suggestions on how to improve our understanding in this area would be appreciated.

Regards,

Jim Reinardy
Director-IS
Badger Meter, Inc.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited.