InfoSec Inc. Security Services - Project Highlights

Enterprise Audit and Remediation complies with HIPAA and US Government Security Standards (Large claims processing company)

• Provide systems programming and security software implementation consultants for commercial insurance client
• Demonstrated audit management oversight for large Security Assessment for mainframe and network security
• Confirmed highly secure and compliant mainframe system processing to meet DoD DIACAP security requirements
• Over 7 million subscribers submit insurance claims for secure processing on zOS Mainframe insurance applications
• Using CA Top Secret, CA Auditor and CA Cleanup, the Audit remediated over 200 STIG variances

Mainframe CA-Top Secret Support (Large healthcare company)

• On-site for over 6 years
• Provide full-time consultants to support the client CA-Top Secret environment
• Convert IBM-RACF subsystems to CA-Top Secret
• Modify the security environment to meet Sarbanes-Oxley requirements
• Using CA Cleanup, review security file data and report security not required and subsequent removal of unneeded security
• Implementation of Role Based Access Control (RBAC)

Role Based Access Control (RBAC) Implementation (Large insurance company)

• Reviewed existing security implementation and analyze entitlement usage data
• Conduct interviews with business units to obtain role profile definitions
• Create/execute various reporting functions, including TSSadmin Express™ to validate existing security usage
• Based upon analysis, create new security roles to replace existing security
• Review effectiveness of new roles and phase out older security rules
• Create/execute various reporting functions, including TSSadmin Express™ to validate new security is properly used and to refine any role definitions
• Provide training to client on CA Top Secret, TSSadmin Express™

CA-IDMS SQL Option and Server Option Installation (Large Aircraft Manufacturer)

• Reviewed client objectives for web-enabling IDMS data
• Installed and implemented CA IDMS SQL Option and Server Option
• Worked with client to web-enable pilot application to demonstrate functionality
• Successful demonstration resulted in sale of software.

Mainframe Security Assessment (Federal Government, Manufacturing, Health Care, Financial, telecommunications)

• Provide an in-depth analysis of mainframe security environment
• Conduct interviews with stake-holders and generate report data for analysis
• Analyze findings and create comprehensive findings report
• Formally present findings to client

Mainframe Security Reporting (Major Insurance company)

• Developed "easy to read" management security access reports
• Allows client to specifically request access authority reports to ACF2 secured datasets and cross-reference to client specific application data
• Provides only the data that the client requires
• Developed all programs, JCL and processes required

Mainframe Systems Support (Large Air Industry company)

• Provide as-needed CA-Top Secret and mainframe networking support
• Perform security and network support and administration services
• Client has deferred hiring of additional staff

Mainframe Security File Cleanup (Major financial company)

• Implemented and utilized CA Cleanup for Top Secret, CA Cleanup for ACF2 and CA Cleanup for RACF
• Reduce obsolete, excessive and redundant security by 50% to 90%
• Implement CA Cleanup from one (1) to eighty-eight (88) LPARS to track and monitor security usage
• Assist client in identification and removal of unneeded security

IBM-RACF to CA-Top Secret Conversion (Large Information Technology Provider)

• Using proprietary "Conversion Factory" process, converted client RACF to functionally equivalent CA-Top Secret security database

Mainframe CA-Top Secret Consulting (Large Insurance company)

• Provided full-time high-level CA-Top Secret consultant to assist client in re-architecting application security to meet Sarbanes-Oxley requirements
• Provided high-level expertise in CA-Top Secret interfaces and operation with application software
• Crafted and executed CA-Top Secret commands to address security deficiencies and implementation of new application security architecture

Mainframe CA-Top Secret/VSE Implementation (Large on-line retailer)

• Provided expert assistance to client for installing and implementing CA-Top Secret for VSE
• CA-Top Secret for VSE was successfully installed on two (2) VSE images, two (2) CICS regions and one z/VM image.

Security Conversion & Consolidation (TSO, UADS) (Large Insurance company)

• Converted to central mainframe security 12 TSO user attribute datasets (UADS) defining 55236 users
• Cleanup & Removal: 65% of users from 55236 to 18971, 47% of logon procedures from 900 to 474
• Allowed management of TSO user information via the site's new user provisioning software
• End-user transparent, identical access/enforcement maintained throughout, no outage/production impact

Security Product Conversion & Consolidation (RACF, TSS) (Large Insurance company)

• Converted two systems and merged into an existing larger security database supporting 11 businesses
• Converted 8677 user IDs, 24277 file access rights, 12383 resource access rights
• End-user transparent with identical user IDs, passwords, access rights, enforcement
• TSS search algorithm "override'' analyzed and conflicts resolved
• Cleanup: 54% of users, 37% of groupings, 30% of access rights.
• Converted only active users and access... only a 10% subset of the prior security database

Security Product Conversion (DB2) (Large Insurance company)

• DB2 security conversion from internal native DB2 security to external SAF-based security
• Converted 22 DB2 environments comprising 42 DB2 subsystems
• 2,313,112 DB2 authorizations program-analyzed, masked, grouped and reduced to < 50K permissions
• End-user transparent, Identical access/enforcement maintained throughout, No outage/production impact

Security Product Conversion (ACF2 to TSS) (Major Insurance company)

• Conversion of two systems sharing one security database
• 59612 user IDs, 82902 file access rights, 85214 resource access rights
• End-user transparent with identical user IDs, passwords, access rights, enforcement
• Extensive JES and S/390 security USERMODS and interfaces (API's)
• Security cleanup over 50% and reduced TSO PROCS from 500 to 20

Security Product Conversion (RACF to TSS) (Large Insurance company)

• Converted three S/390 systems sharing 91145 security entries incl. user IDs, access rights, access groups
• Transparent to end-users whose user IDs, passwords and access rights remained identical
• Security enforcement maintained (FAIL mode) throughout
• No unscheduled outage or production impact
• Result:
  • Single, unified, S/390 security product environment
  • Elimination of dual product training for security and systems staff
  • Elimination of dual security product installation and maintenance by systems staff
  • Improved security responsiveness and problem resolution now given a consistent security system
  • Improved single-point security and auditing control

Security Product Conversion & Consolidation (RACF to ACF2) (Large Utility)

• Converted security of three systems and merged into an existing, larger security database
• Result a single, unified security product and one centrally shared security database
• Zero fall-out, no cross-contamination, FAIL enforcement throughout
• End-user transparent with identical user IDs, passwords, access rights
• Initially 55000 security entries, cleanup (no conversion) done for entries found obsolete:
  • 30% of user IDs
  • 80% of access groups
  • 60% of file rights
  • 30% of resource rights

Let InfoSec and our highly skilled mainframe consultants assist you in meeting your service level agreements and helping you to meet your data center challenges.