We just had IBM in two weeks ago for their security review exit. They have a data collection tool that you run ahead of time, upload the results to them, they analyze it and then come on site to review the findings. I don't know what the costs were like but we all agreed it was beneficial and the costs must not have been too bad as we will probably have the same service performed annually.
Our systems (two machines, total of three LPARs) were installed by our software vendor before I was hired and after their initial setup we started to implement security (after I arrived) while they we installing and the install team basically shut us down from doing so (to much potential impact on the conversion process, etc.). We managed to make sure no big holes got opened by a particular set of their installers that believe the answer to every security issue is *PUBLIC *ALL, but we still have things to address and it was nice to have an IBM assessment to get time and resources allocated to bettering our security profile. The gentleman we worked with was very knowledgeable and personable and did a great job presenting to management.
Core Processing Administrator/Analyst
Washington Trust Bank
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Steinmetz, Paul
Sent: Monday, June 30, 2014 10:01
To: 'Midrange Systems Technical Discussion'
Subject: IBM i Security assessment
Has anyone had an IBM I Security assessment done recently?
Does IBM have a tool for this?
If not, looking for recommendations and estimated cost?
IBM i Systems Administrator
Pencor Services, Inc.
462 Delaware Ave
Palmerton Pa 18071
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l
This electronic mail message and any attachments may contain confidential or privileged
information and is intended for use solely by the above-referenced recipient. Any review,
copying, printing, disclosure, distribution, or other use by any other person or entity is
strictly prohibited under applicable law. If you are not the named recipient, or believe
you have received this message in error, please immediately notify the sender by replying
to this message and delete the copy you received. =====================================================================================================