With the number of major data security breaches on the rise, threats to merchants and service providers can include exorbitant litigation costs and loss of customer goodwill.

How confident are you about your PCI compliance? To achieve and maintain compliance with PCI Security Council standards, InfoSec, Inc. (InfoSec) has developed a robust PCI practice that specializes in:

-        PCI audit-assessments

-        automated mainframe and system data searches

-        scoping assistance

-        gap analyses

-        remediation assistance

-        security scans

-        secure code audits

-        compliance reporting

Plus, if you have a z/OS mainframe, our new tool – DataSniff – can help to ensure you achieve PCI DSS compliance. Learn about DataSniff here.

If so, you could be at risk for HIPPA, PCI and Sarbanes-Oxley violations. Plus, that scenario might prevent you from passing your annual audit. It’s truly the trifecta of risk.

Consider Database Security Externalization for your organization. Administering database security via your external security manager (IBM-RACF, CA-Top Secret or CA-ACF2) addresses several key issues:

• The “fox guarding the henhouse” situation
• Unauthorized access to confidential data
• Align database security with the corporate security team, not the database team

DBA’s should be doing logical and physical database design and performance tasks, not dealing with the security of the data.  Besides, the DBA team is not typically involved in overall corporate security strategy, so it’s just not a good fit.

See more at InfoSec.tv

InfoSec will be there from March 11 – 16, 2012, and so will our game changing Mainframe Event Acquisition System™ (MEAS™)!

You’ve heard a lot from us about MEAS™ over the last year we are thrilled to say our new event and log management technology is really taking off.

We’ve been talking to folks interested in MEAS™ and what we’re hearing again and again is that the mainframe is conspicuously absent from Security Information and Event Management (SIEM) strategies. MEAS™ is filling that gap and we couldn’t be happier to a part of the solution.

If you’re going to SHARE, be sure to stop by Booth #611 and say “hi!”  We’ll have live demos of MEAS™ and some of our other new products we think you’ll find useful.

Hope to see you there! Can’t wait!

Bob

We do a lot of work with companies who are transitioning to a Role Based Access Control (RBAC) model.  We also talk to many customers who are skeptical of the value of RBAC when the effort is quite large and time consuming, yet doesn’t generate any new customers or revenue…here’s why:

Many organizations today still rely on a user based access model where users typically fill out a form requesting access to one or more specific resources. Along with this dated model of user security is the lack of process for removing access from a user that is no longer required.

With compliance initiatives such as Sarbanes-Oxley, Gramm-Leach-Bliley and HIPAA, organizations must put into place processes ensuring users only have access to those resources required to do their current job function – nothing more.  Without these processes in place, organizations have undue risk and exposure, whether it’s accidental or malicious in its intent. An example of this might be a person who moved from the Accounts Payable (AP) department to the Accounts Receivable (AR) department.  Under the old model, the user gets additional security added so that they can perform the AR job functions, but the AP access is still in place.  This creates a risk that this person will cut checks when they are no longer authorized to do so.

This is the primary reason that organizations must implement a Role Based Access Control (RBAC) security model.  By identifying the individual job functions by HR job title or job code or some other discrete identifier, we can begin to identify the specific resources required for a person to perform that specific job function and nothing more.

So, why don’t all organizations have RBAC in place today?  There are several reasons:

There are insufficient resources available on staff to do a RBAC project.  The security team, business units and other stakeholders are busy doing what they need to move the business forward.  There’s just no time for a RBAC project.

There are insufficient skills to undertake a RBAC project.  RBAC projects are not necessarily easy to implement.  There is a lot of interaction between executive management, business unit management, security, operations, programming and other divisions required to have a successful RBAC implementation.

Lastly, there is no tangible benefit.  What I mean by this is that at the end of an RBAC project, there are no new customers and there are no increased revenues.

OK – it sounds like 3 good reasons not to implement RBAC right?  Wrong!  A RBAC project is required to meet compliance requirements and help to assure that no security breaches take place, landing the CEO, CFO, CIO on the front page for the Wall Street Journal.  Without RBAC, it’s just a matter of time before someone with access to something that they shouldn’t initiates a breach and gets the company and the executives in hot water.  Think of it in the terms of an insurance policy.  You have it and hope you never have to use it.

Because of the 3 reasons listed above, InfoSec is here to help you achieve that desired (required) level of compliance.  We can assist you with RBAC in the following ways:

We can manage the entire project from start to finish, coordinating the involvement of executive management, business unit management and staff as well as technical management and staff.

We have the expertise to help you identify the roles and then determine the current access levels for people in those roles.  We then help you to remove those resource access permissions that are not required.

We direct the implementation of the new roles in such a way that is least disruptive to the operation as possible.

Using reporting and other informational sources, we monitor the new roles to make sure that they are working as expected.

We assist in the removal of the old security, leaving the new roles.

Lastly, we provide processes to continue to monitor RBAC effectiveness going forward.

I hope you found this to be helpful and if you or your organization are considering a move to RBAC security and would like some help, please feel free to give us a call.  We’d be happy to work with you.

Bob

Why spend more money on hardware, technology and personnel to manage mainframe events when you can integrate them right into your event and log management platform?”

That’s what we were thinking when we upgraded our Mainframe Event Acquisition System™ (MEAS™) and we’re pleased to present MEAS™ 5.0.

With seven updated features MEAS™ will enable your staff to respond to potentially threatening events in real-time, ensuring the security and integrity of your data and regulatory compliance.

Without real-time event reporting, an unauthorized user can make multiple attempts to hack into your private and confidential information. And, without real time reporting, your IT team won’t know about it for hours or days, if ever at all. And by then, it is too late.

With real time event reporting, the same scenario plays out very differently. Instead of unknowingly going through their day, the IT team is alerted instantly via your Security Information and Event Management (SIEM) platform when a critical event occurs. With the alert, they have a chance to react quickly to protect your sensitive data.

InfoSec’s Mainframe Event Acquisition System™ (MEAS™) is a real-time monitor that “listens” for particular events based on your settings. Millions of events occur each day, but only some are critical, and MEAS™ can isolate these from the mundane events and alert your team in real time via your SIEM platform.

Now MEAS™ offers seven new and updated features:

• MEAS™ can now log events or alerts based on z/OS system console messages.

• The Server can now accept input from multiple monitors on different systems (or the same system).

• Now MEAS™ features a batch job that can read console messages from historical files and generate events.

• In MEAS™ 5.0, events can be selective. For example: Only generate a type 15 alert if “SYS1.PARMLIB” is updated. Selection can be based on specific locations or anywhere on the SMF record or console message and includes “and” and “or” logic.

• MEAS™ can now monitor CA-Top Secret® audit file activity and generate events.

• Alert types are now compatible with all SIEM software.

• Enhancements have been made to ease MEAS system management functions.

If you have a SIEM strategy and also have a mainframe, let’s discuss how we can help you to integrate all of your mainframe event activity into your existing SIEM platform, saving you valuable time, money and effort. See more at http://infosec.salesengine.tv/What%20is%20MEAS.html

There is an interesting paradox in the mainframe security industry. Most companies buy off the shelf packages like CA Top Secret to help manage and administer their security environment. But many of these same companies – looking to improve automation and productivity – write customized software – making their security system reliant on in house code.

Didn’t you purchase Top Secret to reduce dependence on custom code? What happens when CA has a new release or upgrade? Or the programmer who wrote the customization retires or is down sized. What if the code fails?

InfoSec is a premier provider of mainframe security software and services. We are an innovator in the design and development of automated security administration tools and have assembled the best mainframe security consulting team in the world. And we have a great solution for CA Top Secret users.   TSSadmin Express is a robust tool designed specifically for security administrators who use CA-Top Secret. We transform the native TSS command interface into a powerhouse of intelligent automated processes.

As a TSSadmin Express user you will quickly and accurately manage and maintain the core components of your Top Secret implementation. A simple command interface allows you to locate, analyze, change and report the complex array of security data imbedded throughout your TSS environment.   – You reduce your reliance on custom code   – We guarantee compatibility with Top Secret releases.

Best of all, you can use TSSadmin Express – for free – for thirty days. Try it. When you do you’ll learn how we can deliver better analytics, better reporting and increase your productivity white reducing your risk. Learn more: http://tinyurl.com/3mgr4q9

A large insurance company is putting a new application into production. It will require 2,000 users to have a new CICS transaction authorized to their user ID.   To set this up the security administrator must:   – Identify all users   – Create 2,000 commands to give the users the CICS transaction code   – And run the commands to grant access.

So using native CA-Top Secret, how long do you think it took the administrator finish this job.   20 hours? 30 hours?  How about 5 minutes? Impossible? You’re right…because she wasn’t using native Top Secret…she was using TSSadmin Express from InfoSec.

TSSadmin Express is a robust administrative tool designed specifically for security administrators who use CA-Top Secret. And it is from InfoSec – the premier provider of mainframe security software and services.   Here’s how it works:

TSSadmin Express is a drop in tool. You load it to your system, define the location of a few key items and you are ready to roll.

- No need for an IPL

- No need for APF authorization

- No need for special privileges

Once live, you will quickly and accurately manage and maintain the core components of your CA-Top Secret implementation. A simple command interface allows you to locate, analyze, change and report the complex array of security data imbedded throughout your TSS environment.

Your business result?   – Improved service levels   – Improved accuracy and…   – A huge productivity boost   Best of all, you can use TSSadmin Express – for free – for thirty days. When you do you will learn how we transform the native TSS command interface into a powerhouse of intelligent automated processes. Watch this short video to learn more: http://tinyurl.com/3bezr6s

Your secured mainframe shop is under attack. Multiple unauthorized access attempts are being made from the same IP address and you won’t even know about it until tomorrow after security reports are run and someone has a chance to go through each report line item and catch the violation.    By then, your sensitive data has already been compromised and the hacker is likely long gone.    Were you hoping for a happier ending to this story?    Now you can have one. See how your story would have ended if your mainframe shop had implemented the Mainframe Event Acquisition System™, (MEAS™) alongside your Security Information and Event Management (SIEM) or Log Management  tool.    Here’s the happy ending: http://www.salesavatar.com/infosec/2011-06-offer1.html

Have a great holiday!!

Bob