× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. BPCS-L
  3. June 2004

Security for BPCS #7 ---> the search for hanky-panky

Dear Jim  ~  response #7,

Not every data integrity problem is caused by the kind of 
internal control deficit discussed in my response #6. 
Sometimes DB2 integrity issues are caused by individuals with 
unconstructive objectives. Does Badger Meter, Inc. have a way 
to detect this kind of hanky-panky ...... ?

              A.  audit security stuff turned OFF, 
              B.  hanky panky accomplished, 
              C.  then turn the security back ON again.

That tactic will trick audit software that relies on triggers
 ... but ... it will not escape the gaze of our Stitch-in-Time (tm)
Data Integrity software:
   http://www.unbeatenpathintl.com/award/source/1.html  

Stitch-in-Time catches irregular activities of this 
kind ... it even catches someone smart enough to think
that they can defeat audit trails and monitoring strategies.
It would tell your security officer:

   1) WHO did it, and ... 
   2) precisely WHEN they did it, and ... 
   3) exactly WHAT they did, and ... 
   4) HOW they did it  

Since your company has a Sarbanes-Oxley compliance issue, 
then any hint of "hanky panky" vulnerability must be erased 
now. Stitch-in-Time Data Integrity software will do that.  

Please see this subsequent response for BPCS/SOX topics:

  #8 ~~ introduction to several other clever and affordable
             Stocking Stuffers (tm) for SOX products designed to help
             enterprises prepare for Sarbanes-Oxley.

God bless,

Milt Habeck
Unbeaten Path International

Toll free North America:  (888) 874-8008
International voice: (262) 681-3151
European contact: (44) 1-737-824248
mhabeck@xxxxxxxxxx  
www.unbeatenpathintl.com  



++++++++   +++++++   +++++++   +++++++   +++++++   +++++
From: Reinardy, James
To: bpcs-l@xxxxxxxxxxxx
Sent: Wednesday, June 09, 2004 3:17 PM
Subject: DB2 Users

Hello All,

We are running BPCS 6.04 on iSeries.  I am trying to understand the
relationship between iSeries users, BPCS users and DB2 file access. The
concern is arising because of Sarbanes-Oxley.  Our auditors are
suggesting that we need to lock down file privileges against the BPCS
database, but we are a little unclear about what user BPCS uses for data
access against DB2.  Is it the individual user that is logged into BPCS,
that user with a changed profile (SSA perhaps vs. *PUBLIC), or some other
generic user?

The idea here is to restrict access on a file by file basis for AS400Query,
SQL queries, ODBC connections, etc.  However, we want to be sure if
we lock things down that we don't break BPCS screens and batch
jobs.  Any suggestions on how to improve our understanding in this area
would be appreciated.

Regards,

Jim Reinardy
Director-IS
Badger Meter, Inc.

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.