22
World ® ’1 6 The Importance of Mainframe Security Education Mr. Steve Hosie - President, CISSP, CISM - Cyber Security . Services MFX173S MAINFRAME AND WORKLOAD AUTOMATION

The Importance of Mainframe Security Education

Embed Size (px)

Citation preview

Page 1: The Importance of Mainframe Security Education

World®’16

TheImportanceofMainframeSecurityEducationMr.SteveHosie - President,CISSP,CISM- CyberSecurity.Services

MFX173S

MAINFRAMEANDWORKLOADAUTOMATION

Page 2: The Importance of Mainframe Security Education

2 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

©2016CA.Allrightsreserved.Alltrademarksreferencedhereinbelongtotheirrespectivecompanies.

Thecontentprovidedinthis CAWorld2016presentationisintendedforinformationalpurposesonlyanddoesnotformanytypeofwarranty. The informationprovidedbyaCApartnerand/orCAcustomerhasnotbeenreviewedforaccuracybyCA.

ForInformationalPurposesOnlyTermsofthisPresentation

Page 3: The Importance of Mainframe Security Education

3 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

Abstract

Educationisthefoundationofeffectivemainframesecurity,andtosecurethemostmission-essentialassetsinthebusiness,mainframeteamsmustbeproperlyeducatedonthegreaterindustrystandardsandthesecurityproductstheymanage.Ifteamslacktheappropriatetraining,howdoesanyoneknowiftheirsensitivemainframedataisactuallysecure?Thissessionwilldiveintotheimportanceofmainframesecurityeducationatalllevelstoenableteamstobettersecuremainframeapplications,providewaystosimplifymainframesecuritydocumentationandsharebestpracticesforincreasingcollaborationandmainframesecurityeducation.

SteveHosieCyberSecurity.ServicesPresident,CISSP,CISM

Page 4: The Importance of Mainframe Security Education

4 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

Agenda

VALUEFORSTAKEHOLDERS

IDENTIFYTHEWHOANDWHY

WHATLEVELOFEDUCATION- MAINFRAMELPARORAPPLICATION

THE“MISSINGLINK”

EDUCATIONLINKS

1

2

3

4

5

Page 5: The Importance of Mainframe Security Education

5 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

ValuetoStakeholders

§ Inadequateandineffectivesecuritycontrolshaveleftindividualsandcorporationsmorevulnerabletoillegalactivitiessuchascomputerfraud,abuse,theftandtheunauthorizeddisclosure,modification,ordestructionofinformation

§ Lackoftrainingguaranteesinadequatesecuritycontrolswillbeimplementedduetosuchbasicsas“notknowinghowtoeffectivelyutilizetheMainframeSecuritytools”toprotectyourdata

Page 6: The Importance of Mainframe Security Education

6 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

ValuetoStakeholders

§ IfyourCyberSecurityteamarenoteducatedinhowtofullyandproperlyutilizetheMainframeSecuritytools– howcanyoubeassuredyourdataisproperlyprotected?

§ AsyourCyberSecurityteam– whatarethetop10mostcriticalresources,whataccesslevelsareheldbywhomandwhenwasthelastreportreviewedforthoseresources

§ JustbecauseanAuditorfailedtoknowwheretolook,whatquestionstoask– doesthatmeanyourdataisprotected?

Page 7: The Importance of Mainframe Security Education

7 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

ValuetoStakeholders

§ InvestingintheeducationofyourMainframeCyberSecuritystaffforproperutilizationoftheMainframeSecuritytoolsisadirectinvestmentinprotectingyourdata

Page 8: The Importance of Mainframe Security Education

8 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

WhoAretheMainframeSecurityAdministrators

§ WhoperformsMainframeSecurity-– z/OSSystemCyberSecurityTeamMembers

§ IndividualswhoareresponsibleforCyberSecuritycontrolsoverthez/OSSystemleveland3rd partysoftwareproducts– EnsuringSecurityControlshaveproperlyandfullysecuredtheSecureMainframe

Platformbaseduponwelldocumentedz/OSSecurityStandards

– WithoutEducation,howwouldresponsibleteammembersknowhowtofullyandproperlyutilizingallsecurityproductfeaturesensuringthez/OSPlatformhasbeenproperlysecured?

z/OSSystemorApplication

Page 9: The Importance of Mainframe Security Education

9 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

WhoAretheMainframeSecurityAdministrators

§ WhoperformsMainframeSecurity?– z/OSMainframe“Customer”ApplicationCyberSecurity

TeamMembers§ IndividualswhoareresponsibleforCyberSecuritycontrolsovertheApplicationsandactualapplicationdata(Sensitive,PII,HIPAA,PCI,etc)– WithoutpropereducationonhowtoutilizetheMainframeSecurityproductsto

protecttheactualdataandapplicationsprocessingontheMainframePlatform–isyourdataprotected?Howwouldyouknow?

– Howwouldthoseresponsibletoprotectyourdatabeabletoprovideassuranceiftheydonotknowhowtoutilizethesecurityproduct?

z/OSSystemandMainframeApplicationCyberSecurityTeams

Page 10: The Importance of Mainframe Security Education

10 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

WhoElseShouldReceiveTraining-

§ WhoelseperformsMainframeSecurity-

– z/OSSystemlevel“HelpDesk”

– z/OSAuditors

– z/OSApplicationAuditors

Page 11: The Importance of Mainframe Security Education

11 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

WhatLevelofTraining

§ Trainingonz/OSMainframeSecurityModelandoverviewofMainframeSecurityProducts

§ CA-ACF2,CA-AUDITOR,CACLEANUP,CATOPSECRETandothersuchz/OSMainframeSecurityproducts

– Alllevels:§ Managementofz/OSSystemTeams,§ Management/OwnersofCustomerApplications/data,§ ManagementoverthevariousMainframeCyberSecurityTeams,§ CyberSecurityteammembers- z/OSSystemlevelandApplication/datalevels

§ Auditors

z/OSSystemorApplication

Page 12: The Importance of Mainframe Security Education

12 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

WhatLevelofTraining

§ Trainingonz/OSMainframeSecurityProductBasics–§ BasicsonhowtouseCA-ACF2,CA-AUDITOR,CACLEANUP,CATOPSECRETandothersuchz/OSMainframeSecurityproducts

– z/OSSystemProgrammers– z/OSSystemLevelCyberSecurityteammembers– z/OSApplicationCyberSecurityteammembers– HelpDesk/CustomerService– Auditors

z/OSSystemandApplicationCyberSecurityTeams,MainframeAuditors,HelpDesk

Page 13: The Importance of Mainframe Security Education

13 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

WhatLevelofTraining

§ Trainingonz/OSMainframeSecurityProductSetupandAdvanced–

§ InDepthconfigurationsettings,advancedfundamentalsonhowtouseCA-ACF2,CA-AUDITOR,CACLEANUP,CATOPSECRETandothersuchz/OSMainframeSecurityproducts

– z/OSSystemProgrammers– z/OSSystemLevelCyberSecurityteammembers

z/OSSystemProgrammersandz/OSSystemCyberSecurityTeams

Page 14: The Importance of Mainframe Security Education

14 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

WhatLevelofTraining

§ Trainingonhowtoreview,documentandproperlysecureCustomerApplicationsandDataonz/OSMainframes–

– CyberSecurityteammembersresponsibleforthesecuritycontrolsatthez/OSSystemlevel

– CyberSecurityteammembersresponsibleforthesecurityofthecustomerapplicationsanddatalevels

– Management/ownersofCustomerApplicationsanddata– MainframeApplicationAuditors

z/OSSystemCyberSecurityTeams,ApplicationCyberSecurityteams,Auditors

Page 15: The Importance of Mainframe Security Education

15 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

The“MissingLink”inMainframeSecurityEducation

– MainframeApplicationLevelSecurityTrainingisoftenthe“Missinglink”.It’softenonlytrainedinthebasicsyntaxofthesecurityproduct,butnothowtoeffectivelyreviewandimplementcontrolsinrelationshiptotheApplicationordatatheyareresponsiblefor

– Applicationanddatalevelsecuritycontrols– whatcontrolsshouldbedocumented,implementedandvalidated?

– DoestheApplicationCyberSecurityteamknowhowtoeffectivelyusethesecurityproducts?

– WherecantheyobtainApplicationLevelCyberSecuritytrainingonhowtoutilizetheMainframeSecuritytoolsfortheirapplication?

TheApplicationLayer

Page 16: The Importance of Mainframe Security Education

16 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

The“MissingLink”inMainframeSecurityEducation

– HowtoblendSecurityproductssyntaxwithappropriateapplicationofCyberSecurityConceptswithinthez/OSMainframeEnvironment.

– Command“syntax”toknowingwhichaccesscontrolsareappropriate– Knowingwhichaccessisnotappropriatetogrant– KnowingwhatarethecriticalresourcesSystemandApplication(s)– Howtomonitoraccess– Somuchmore.– Ittakesyearsoflearning,educationanddedicationtobecomea

MainframeCyberSecurityProfessional.– ~InMemoryofMichaelEsberger,MainframeSecurityProfessionaland

Educator1950– 2016.

TheApplicationLayer

Page 17: The Importance of Mainframe Security Education

17 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

MainframeSecurityEducationLinks

– CAWorldprovidesunlimitedselfdirectedMainframeSecurityproductsviathelabsessions

– Searchhttp://www.ca.com/us/education-training.html

– AskCAtoprovidetheirselfdirectedMainframeSecurityProducttrainingviaonline(www)soyourCyberSecurityteamscanaccess

Page 18: The Importance of Mainframe Security Education

18 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

RecommendedSessions

SESSION# TITLE DATE/TIME

SCT22S CARoadmap:PrivilegedAccessManagement 11/16/2016at4:30pm

MFX172S TheKeytoComplyingWithNewRegulationsandStandards:ComprehensiveMainframeSecurity 11/16/2016at4:30pm

MFT175S GapsinYourDefense:HackingtheMainframe 11/17/2016at3:00pm

Page 19: The Importance of Mainframe Security Education

19 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

MainframeSecurityEducationInvestingMainframeSecurityEducationwillhelpguaranteeadequatesecuritycontrolsareproperlyimplementedbyCyberSecurityTeammembersknowinghavingobtainedtheknowledgeandunderstandingtoeffectivelyusetheMainframeSecuritytoolsinordertoensureprotectionofyourdata.

SummaryAFewWordstoReview

Page 20: The Importance of Mainframe Security Education

20 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

Questions?

Page 21: The Importance of Mainframe Security Education

21 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

Thankyou.

Stayconnectedatcommunities.ca.com

Page 22: The Importance of Mainframe Security Education

22 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

MainframeandWorkloadAutomation

FormoreinformationonMainframeandWorkloadAutomation,pleasevisit:http://cainc.to/9GQ2JI


A Mainframe Security Rosetta Stone – Translating … · Stone – Translating Between Mainframe Security Products Reg Harbeck ... • RACF • ACF2 • TSS ... • CICS • RACF:

A Mainframe Security Rosetta Stone – Translating … · Stone – Translating Between Mainframe Security Products Reg Harbeck ... • RACF • ACF2 • TSS ... • CICS • RACF:

Documents
Why Mainframe Security Matters For Financial Services Firms · Protect Your Business Now With Intelligent Mainframe Solutions With BMC AMI for Security, our Automated Mainframe Intelligence

Why Mainframe Security Matters For Financial Services Firms · Protect Your Business Now With Intelligent Mainframe Solutions With BMC AMI for Security, our Automated Mainframe Intelligence

Documents
Top 12 Mainframe Security Exposures and Lessons From … · Top 12 Mainframe Security Exposures and ... CICS, MQ Series ... Top 12 Mainframe Security Exposures and Lessons From A

Top 12 Mainframe Security Exposures and Lessons From … · Top 12 Mainframe Security Exposures and ... CICS, MQ Series ... Top 12 Mainframe Security Exposures and Lessons From A

Documents
CA Mainframe Security Update - SHARE

CA Mainframe Security Update - SHARE

Documents
Top Ten Security Vulnerabilities in z/OS & RACF Security Vanguard Top Ten Sec… · continued importance of the mainframe to the business and the actions CIOs are taking to protect

Top Ten Security Vulnerabilities in z/OS & RACF Security Vanguard Top Ten Sec… · continued importance of the mainframe to the business and the actions CIOs are taking to protect

Documents
Mainframe Security - It's not just about your ESM v2.2

Mainframe Security - It's not just about your ESM v2.2

Technology
Security Audit on the Mainframe (v1.0 - 2016)

Security Audit on the Mainframe (v1.0 - 2016)

Technology
Tech Talk: In the Voice of a Mainframe Millennial: How Can Mainframe Security Be Made Easier?

Tech Talk: In the Voice of a Mainframe Millennial: How Can Mainframe Security Be Made Easier?

Technology
Splunking*the* Mainframe* · PDF fileUnderstand*the*importance*of*mainframe*datain*the*operaonal* intelligence*picture*!

Splunking*the* Mainframe* · PDF fileUnderstand*the*importance*of*mainframe*datain*the*operaonal* intelligence*picture*!

Documents
A Mainframe Security Rosetta Stone Translating Concepts

A Mainframe Security Rosetta Stone Translating Concepts

Documents
Is Complacency Around Mainframe Security a Disaster Waiting to Happen?

Is Complacency Around Mainframe Security a Disaster Waiting to Happen?

Technology
Administering Security. Personal Computer Security Management Security problems for personal computers are more serious than on mainframe computers –people

Administering Security. Personal Computer Security Management Security problems for personal computers are more serious than on mainframe computers –people

Documents
Session 4 The importance of IoT security: Creating New ... · The importance of IoT security: Creating New ... The importance of IoT security: Creating New Business Value Cu .

Session 4 The importance of IoT security: Creating New ... · The importance of IoT security: Creating New ... The importance of IoT security: Creating New Business Value Cu .

Documents
Arcati Mainframe Yearbook 2007Arcati Mainframe … Ltd, 2013 1 Arcati Mainframe Yearbook 2007Arcati Mainframe Yearbook 2013 Mainframe strategy The Arcati Mainframe Yearbook 2013 The

Arcati Mainframe Yearbook 2007Arcati Mainframe … Ltd, 2013 1 Arcati Mainframe Yearbook 2007Arcati Mainframe Yearbook 2013 Mainframe strategy The Arcati Mainframe Yearbook 2013 The

Documents
Cyber security & Importance of Cyber Security

Cyber security & Importance of Cyber Security

Technology
Arcati Mainframe Yearbook 2007Arcati Mainframe Yearbook ... · IBM has standard Cloud Paks for data, application integration, automation, and multi-cloud management and security

Arcati Mainframe Yearbook 2007Arcati Mainframe Yearbook ... · IBM has standard Cloud Paks for data, application integration, automation, and multi-cloud management and security

Documents
INTERSKILL MAINFRAME TRAINING NEWSLETTERApplication Programming, Mainframe Op-erations, Mainframe Specialists, Mainframe Security and Mainframe Storage are the new Mainframe Computing

INTERSKILL MAINFRAME TRAINING NEWSLETTERApplication Programming, Mainframe Op-erations, Mainframe Specialists, Mainframe Security and Mainframe Storage are the new Mainframe Computing

Documents
Centralizing security on the mainframe

Centralizing security on the mainframe

Technology
Closing the Mainframe Skills Gap...mainframe security data center applicationconsulting network cloud managed infrastructure mainframe security ... the importance of properly integrating

Closing the Mainframe Skills Gap...mainframe security data center applicationconsulting network cloud managed infrastructure mainframe security ... the importance of properly integrating

Documents
Managing performance and security with Splunk on your IBM mainframe webinar

Managing performance and security with Splunk on your IBM mainframe webinar

Software
Ten Things You Should not Forget in Mainframe Security

Ten Things You Should not Forget in Mainframe Security

Technology
The Myth of Mainframe Security - SHARE Myth of Mainframe Security . Glinda Cummings IBM Sr. Security Product Manager glinda@us.ibm.com Session: 16144

The Myth of Mainframe Security - SHARE Myth of Mainframe Security . Glinda Cummings IBM Sr. Security Product Manager [email protected] Session: 16144

Documents
The State of Mainframe Security-or Lack Thereof - SHARE€¦ · Insert Custom Session QR if Desired. The State of Mainframe Security-or Lack Thereof Brian Cummings Mark Wilson Tata

The State of Mainframe Security-or Lack Thereof - SHARE€¦ · Insert Custom Session QR if Desired. The State of Mainframe Security-or Lack Thereof Brian Cummings Mark Wilson Tata

Documents
System Z Mainframe Security For An Enterprise

System Z Mainframe Security For An Enterprise

Technology
SNA Mainframe Security › productdocs › NetQ-whitepaper.pdf · SNA Mainframe Security from SDS 5/18 4/ Given the expert degree of stealth involved, many enterprises never realize

SNA Mainframe Security › productdocs › NetQ-whitepaper.pdf · SNA Mainframe Security from SDS 5/18 4/ Given the expert degree of stealth involved, many enterprises never realize

Documents
Fill your Mainframe Security Monitoring Gap via SIEM

Fill your Mainframe Security Monitoring Gap via SIEM

Documents
Everything you wanted to know about mainframe security ... · PDF fileEverything you wanted to know about mainframe security, pen testing and vulnerability scanning .. But were too

Everything you wanted to know about mainframe security ... · PDF fileEverything you wanted to know about mainframe security, pen testing and vulnerability scanning .. But were too

Documents
How to Go About Setting Mainframe Security Options to Go About Setting Mainframe Security Options Stu Henderson stu@stuhenderson.com 5702 Newington Road Bethesda, MD 20816 ... Stuart

How to Go About Setting Mainframe Security Options to Go About Setting Mainframe Security Options Stu Henderson [email protected] 5702 Newington Road Bethesda, MD 20816 ... Stuart

Documents
The State of Mainframe Security-or lack thereof › share › 122 › webprogram... · IBM Mainframe Hacked I • Swedish Man Charged with Hacking IBM Mainframe & Stealing Money -

The State of Mainframe Security-or lack thereof › share › 122 › webprogram... · IBM Mainframe Hacked I • Swedish Man Charged with Hacking IBM Mainframe & Stealing Money -

Documents
Ransomware on the Mainframe Checkmate! · –DEF CON, Derbycon, SHARE, RSA 2017, others • Mainframe security consultant • Reverse engineering, networking, forensics, development

Ransomware on the Mainframe Checkmate! · –DEF CON, Derbycon, SHARE, RSA 2017, others • Mainframe security consultant • Reverse engineering, networking, forensics, development

Documents