|
Dear Jim ~ response #5, Response #2 asserted that 100% perfect application of BPCS' SYS600 functionality wouldn't prepare your company for a SOX audit ... unless your OS/400 security is architected to mitigate SSA group profile risks. Responses #3 and #4 then spoke about how Bill of Health Security Diagnostic reports can help your company mitigate OS/400 security risks. Let's now go back to the SYS600 topic inherent in your e-mail below. We've heard many complaints that SOX practice audits are consuming enormous amounts of IS time answering questions like: "give me a list of all BPCS users that can run program INVxxx." To get those answers, a security administrator must sequentially access each BPCS user profile and analyze the several ways usage authority can be acquired by a given user for a given program (or warehouse or company or whatever). That's C-L-U-N-K-Y. BPCS warrior Al Macintyre calls it "SECURITY BY OBSCURITY." That's why our "By Invitation Only" (tm) software has been so well received. With "By Invitation Only," a couple of menu selections will immediately display comprehensive responses to any BPCS usage question a SOX auditor could dream up. http://www.unbeatenpathintl.com/BIOnly-start/source/1.html There's a free demo available via e-mail. Please see these subsequent responses for BPCS/SOX topics: #6 ~~ learn how the PCAOB interpretation of SOX compels external auditors to look at the details of each BPCS business processes to identify internal control deficits and the consequent BPCS data integrity issues. #7 ~~ information about our award-winning Stitch-in-Time (tm) Data Integrity software that enables you to respond to SOX auditor inquiries about the integrity of DB2 information. #8 ~~ introduction to several other clever and affordable Stocking Stuffers (tm) for SOX products designed to help enterprises prepare for Sarbanes-Oxley. God bless, Milt Habeck Unbeaten Path International Toll free North America: (888) 874-8008 International voice: (262) 681-3151 European contact: (44) 1-737-824248 mhabeck@xxxxxxxxxx www.unbeatenpathintl.com ++++++++ +++++++ +++++++ +++++++ +++++++ +++++ From: Reinardy, James To: bpcs-l@xxxxxxxxxxxx Sent: Wednesday, June 09, 2004 3:17 PM Subject: DB2 Users Hello All, We are running BPCS 6.04 on iSeries. I am trying to understand the relationship between iSeries users, BPCS users and DB2 file access. The concern is arising because of Sarbanes-Oxley. Our auditors are suggesting that we need to lock down file privileges against the BPCS database, but we are a little unclear about what user BPCS uses for data access against DB2. Is it the individual user that is logged into BPCS, that user with a changed profile (SSA perhaps vs. *PUBLIC), or some other generic user? The idea here is to restrict access on a file by file basis for AS400Query, SQL queries, ODBC connections, etc. However, we want to be sure if we lock things down that we don't break BPCS screens and batch jobs. Any suggestions on how to improve our understanding in this area would be appreciated. Regards, Jim Reinardy Director-IS Badger Meter, Inc.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
