SHARE in Anaheim

14812: The Myth of Mainframe Security

Tuesday, March 11, 2014: 9:30 AM-10:30 AM
Platinum Ballroom Salon 1 (Anaheim Marriott Hotel)
Speakers: Mark Wilson(RSM Partners) and Glinda G. Cummings, CISSP(IBM Corporation)
Handouts
  • The Myth of Mainframe Security (4.4 MB)
  • There are many who combatively hold the belief that the mainframe z/OS system is inherently secure. More recently, we hear the pundits changing the tune saying that it is the "most securable" platform. This change recognizes that z/OS customers may undermine the z/OS security capabilities through their system and sub-system configurations, and how they implement their external security manager.

    From the time we believed wrongly that the mainframe was going away, the system has suffered a serious lack of attention, skill, and budget. In outsourcing relationships, gaps can occur in the implementation of new security features and capabilities that can enhance mainframe security and reduce reliance on exits under the control of system programmers. From simple and obvious failures to those that are more technically sophisticated, the mainframe is more and more at risk. It is becoming more and more Internet connected, and its vulnerabilities are getting published and distributed "in the wild."

    The speaker, who has successfully compromised a number of mainframe systems in minutes during white-hat testing, will identify and describe the kinds of failures and vulnerabilities that he and other professionals see and work to remedy on a regular basis, and current exploits that have already compromised mainframe systems. z/OS is, indeed, the most securable computing platform, but users of the platform have generally not done their part to keep up.

    If your mainframe z/OS system remains your core processing platform, this is a can't-miss presentation with takeaways that will be of immediate use to level-set your z/OS security.

    Tracks: Security and Compliance, Security in the Enterprise, User Experience and z/OS Systems Programming




    See more of Project: Security and Compliance
    See more of Program: Enterprise Data Center