It is amazing to me that another year is already coming to an end. With the mad dash of last minute shoppers (yes, that would be me this year!), and the certainty of a white Christmas for us in much of the Midwest, it is definitely going out with a bang. In fact, although Winter officially began yesterday, the readers of this blog will know that we have been feeling it in Minneapolis for several weeks. December 21st is marked as Winter Solstice—the shortest day of the year due to the Earth’s tilt—so the good news is that summer is on its way. Ok, so I’m an eternal optimist!

In the spirit of the season, I thought I would create a last-minute holiday wish-list for the security officers that made Santa’s “good” list:

Perform an assessment

This is a good way to get the baseline metrics reviewed; identify the areas of weakness and strength so you can focus your resources where they are needed.

This one is a stocking stuffer, as PowerTech does it for free!

Create a policy

It is hard to measure your progress without a policy. You can even start with the open-source one at www.powertech.com!

Update your system values

Make sure that the server configuration reflects the directives in your security policy. After you set the correct attributes, use the policy feature of PowerTech Compliance Monitor to validate that nothing has changed with scorecard views of system value compliance.

Secure Your Borders

Internal employees are the cause of approximately 70% of data integrity events. Ensure that you don’t secure just your perimeter and leave corporate users with unrestricted network access. Any user with access to your servers should be audited and controlled. PowerTech’s Network Security provides both auditing and access control of powerful interfaces like FTP, ODBC, and remote command.

Don’t overlook your powerful users

Sure, we expect our programmers and administrators to run and maintain a system, but would we want them to have our social security numbers, bank balances, and the “skeleton key” to our corporate data? Try to reduce unnecessary assignment of special authorities, and then use a tool like PowerTech Authority Broker to facilitate on-demand access to super-users while auditing their activities.

Educate your staff

PowerTech conducts weekly online Webinars, as well as eTraining. In 2010, we are also taking some classes out on the road. Registration for the eTraining will open shortly at www.powertech.com. Get on our newsletter list while you are there and stay informed of events, as well as related security news and articles specific to IBM i.

We know that taking that first step can sometimes be a daunting one. If you are not sure how to get started, allow our team here to guide your compliance sleigh! After all, we have being doing it for years.

Happy Holidays!!

This entry was posted on Tuesday, December 22nd, 2009 at 8:54 am and is filed under Auditing, Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.