Role Based Access Control (RBAC) Conversion

Role based Access Control provides the foundation for organizations to successfully implement security provisioning and ensure that Client employees and contractors have only that access which is required to perform their current job function(s). Implementation of RBAC will position Client to meet security and compliance challenges such as Sarbanes-Oxley, Gramm-Leach-Bliley, SAS70, internal requirements and more.

Overall, RBAC greatly improves the ability of an organization to meet compliance requirements and reduce security exposure.

This service will be provided through both on-site and remote support of the Client security environment. The thrust of the project will involve on-site consulting, working with Client staff to identify organizational roles and map existing mainframe security to new application function security profiles in the mainframe security environment.

The following stages are required for a successful completion of the project and are performed for each application to be converted to RBAC:

• Determine the minimum necessary profile configuration
  New role profiles will be created and deployed to supplant existing access profiles.
• Establishment of new profile naming conventions
  The development and implementation of a naming convention for these new roles will be developed in this task.
• Consistency
  The new role profiles will enact consistent access for users in a role.
• Exceptions
  Exception access will be tracked and reported by security reporting at the role profile level.
• Automation for reporting and transitioning
  Security reporting will be used and/or developed as needed to report on old access which are still being used despite the addition of new role profiles.
• Create new role profiles
  As role development proceeds, systematic deployment of new application function profiles will occur in a phased approach with verified contingency.
• Assign new roles to users
  In this task, users will be connected to their new role profile.
• Role refinement
  Refine each new role profile and to gather exception information for later exception analysis.
• Remove existing legacy profiles
  Existing legacy role profiles will be removed from each user
• Ongoing Refinement
  Continued monitoring and refinement as required occurs during this task.
• Review administrative access

Review of process/procedure to ensure appropriate changes made to the new application function profiles.

Let InfoSec and our highly skilled mainframe security consultants assist you in meeting your role Based Access Control implementation challenges.