


Dear Mike,                                         +> vendor response

Your note raises issues that are pertinent to COBIT standards; those
"Control Objectives for Information & Related Technology" merited
attention long before Congress passed the Sarbanes-Oxley Act.

Here is a 65,000-foot level review of COBIT which has sub-links
which drill down into as much detail as you care to dig into:
    http://www.unbeatenpathintl.com/cobit/source/2.html

Our 'Bill of Health' software generates a 100% complete assessment
of OS/400 security. It also reports: i) the implication of each 
discovered vulnerability, and  ii) a suggested approach to mitigate 
each risk, including the ones mentioned in your note. 
    http://www.unbeatenpathintl.com/BOH/source/1.html

Auditors like 'Bill of Health' because the results are from an objective
source and because the results can be replicated. Each time someone
important leaves your enterprise or some sensitive aspect about your
system changes, the report can be launched again to quickly analyze
any "net change" in your system security profile.

Warm regards,

Milt Habeck
Unbeaten Path
(888) 874-8008
(262) 681-3151
mhabeck@xxxxxxxxxx
www.unpath.com




+++++++   +++++++   +++++++   +++++++   +++++++   +++++++
From: Mike Berman
To: Midrange Systems Technical Discussion
Sent: Thursday, November 11, 2004 8:03 AM
Subject: Security concerns

How realistic is this scenario?
We have had many programmers and consultants come and go. They
all know the IP address of our production iSeries. What is to stop
someone from using a profile that was in use in the past and was
never deleted?

For example, I just found such a profile of a programmer who left
here 5 years ago, still enabled. If someone harbored a grudge,
what is to stop them from FTPing into our system and deleting files?
Or even to just shut down all the subsystems?
Is there a way to disable what one can do in an FTP session?

Thanks, 





This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page.
