Role Based Access Control Conversions
Summary of Services
If you are considering a migration from your current mainframe security model to a Role Based Access Control (RBAC) model, you are taking the correct first step. RBAC is a way to ensure that the human resources in your organization have the proper security to do their jobs – no more, no less.
By defining the security to support the role, you eliminate all of the risks and exposures that are present when a person has access to old systems that they used to work on, or access to resources that they used to use but no longer need since they moved to another department. By moving to RBAC, you are implementing a Best Practice for your mainframe security systems.
Migrating to RBAC from your legacy mainframe security implementation is difficult. Some of the items to consider when transitioning to an RBAC model are:
- Large security database(s)
- Old, obsolete users and entitlements cluttering up the database
- How to identify what is and is not being used in the security database
- What are the new “roles” that should be defined and what security is being used today to support those roles?
- How do I get the old users and entitlements cleaned up and into my new roles?
The above are just some of the issues that will need to be reviewed, analyzed and acted upon to get you where you need to be.
InfoSec has successfully performed several mainframe security migration projects for customers who wanted to implement a Role Based Access Control model and can help you meet that challenge as well.
Some of the steps we take to get you there include:
- Develop overall project plan
- Define responsibilities for tasks
- Define role based security definitions
- Review potential security impact of conversion as related to Exits, User Modifications or custom application security coding
- Identify the obsolete permissions in the security Database
- Validate conversion and document inconsistencies, errors, and omissions
- Create an automated review process of the RBAC groups and their permissions. This is a report that will be delivered to the Security Administrator that will aid them in determining the effectiveness of their RBAC structure. (This is a customized reporting feature that will leverage eTrust Cleanup if installed on your system)
- Facilitate a knowledge transfer session that will encompass all of the work performed during this engagement and at a high level compare the client’s current mainframe security practices against current best practices within the industry
- Any third-party product installation, the installation of third-party product interfaces, exit coding or interfaces to Client systems and applications
- Creating a test system
- Any systems programming work, application programming work or product customization necessary to implement the RACF Group, Top Secret Profile or ACF2 Rule Set conversion
- Modification of the security Database
We at InfoSec look forward to working with you and your team on implementing a Role Based Access Control best practice for your organization.
Please call us at 703-825-1202 for more details!
©2001 - 2008 InfoSec Inc. All Rights Reserved.
Product names are trademarks of their respective companies.