We have had that problem brought up to us by our auditors.  They have
concluded that it is nice to have security around the product, but that does
not actually provide proof that nothing has changed in the job.  I asked
Help Systems to assist with this proof, and they tweaked the auditing
capability of their Schedule.  If you go into the Audit Menu (opt 7), then
select Display Audit Log (opt 4), you will notice more parameters to display
any changes to a Robot Job.  I actually worked with Help Systems on this and
we now generate a report every week showing any changes in ANY way to a Job
Schedule Entry.  Our auditors are very satisfied with this report in
conjunction with normal security of the product.

Larry 

======================

Larry Ketzes
Senior Security Project Analyst
American Life Insurance Company

One ALICO Plaza
600 King Street
Wilmington, DE 19801
Phone: 302-594-2146
Mobile: 302-559-1631

Fax: 302-830-4524


Email: larry.ketzes@xxxxxxx

 


-----Original Message-----
From: security400-bounces@xxxxxxxxxxxx
[mailto:security400-bounces@xxxxxxxxxxxx] On Behalf Of Turnidge, Dave
Sent: Tuesday, July 11, 2006 11:43 AM
To: Security Administration on the AS400 / iSeries
Subject: Re: [Security400] Help Systems Robot Schedule...

Nope - that's not a problem. They are STILL fantastic to work with.
Robot has a very tight security setup. There is only one problem that I
wish was resolved, and that is that you can't use secondary groups in
their security scenario. This is acknowledged, and may be taken care of
with release 10.

I'm just wondering what settings others have used in the real world. I
have a plan...which is supposed to be put into effect today. But I am a
believer in the "multitude of counsel".

Thanks for the response... :-) 

-----Original Message-----
From: security400-bounces@xxxxxxxxxxxx
[mailto:security400-bounces@xxxxxxxxxxxx] On Behalf Of Chuck Lewis
Sent: Tuesday, July 11, 2006 10:42 AM
To: 'Security Administration on the AS400 / iSeries'
Subject: Re: [Security400] Help Systems Robot Schedule...

Dave,

Hate to hear that (Help Systems answer) because I have always found them
to be fantastic to work with. Did they acknowledge this issue or say it
wasn't one, etc. ?

And I guess I don't really understand why programmers and help desk
folks would be using Robot Schedule? I too have used Robot Schedule
going back to the S/38 days at several different companies and we always
tightly controlled access to Robot Schedule (?).

Chuck

-----Original Message-----
From: security400-bounces@xxxxxxxxxxxx
[mailto:security400-bounces@xxxxxxxxxxxx] On Behalf Of Turnidge, Dave
Sent: Thursday, July 06, 2006 11:40 AM
To: Security Administration on the AS400 / iSeries
Subject: [Security400] Help Systems Robot Schedule...

We have been using Help Systems Robot Schedule for many years. But,
along came SOX and interrupted our tranquil life. Now I need to set up
Robot so that programmers and help desk personnel don't have access to
the jobs, and yet, can get their jobs done.

Primarily, this is because the profile being used by a job may have
(probably has) more authority than the person doing maintenance to the
job. That means that a person could add a command to the job to do
something nefarious - like deleting all the libraries - or something
like that.

I am wondering if anyone else has already gone through this exercise and
can give some guidelines that they ended up following. I have called
Help Systems, and they don't have anything more than their manual, as
far a instructions or methods go.

Thank you,

Dave

_______________________________________________
This is the Security Administration on the AS400 / iSeries (Security400)
mailing list To post a message email: Security400@xxxxxxxxxxxx To
subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/security400
or email: Security400-request@xxxxxxxxxxxx Before posting, please take a
moment to review the archives at
http://archive.midrange.com/security400.


_______________________________________________
This is the Security Administration on the AS400 / iSeries (Security400)
mailing list
To post a message email: Security400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/security400
or email: Security400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/security400.

As an Amazon Associate we earn from qualifying purchases.

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2021 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.