How Can i Do PCI? FREE Webcast Sponsored by Raz-Lee & SEA

Many IBM i customers cringe when they think of the Payment Card Industry Data Security Standard (PCI DSS). But there’s no need to be afraid of it. The operating system provides all of the raw tools needed for compliance, and if you would rather not get your hands too dirty, there are 3rd party products to help too.

During this FREE, one-hour webcast, Pat Botz discusses the 12 primary PCI requirements and matches them up with operating system provided functions that help you manage and achieve compliance. In addition, Pat will note the requirements that many customers use to choose 3rd party products that make compliance easier, faster, and/or cheaper to achieve.

About the speaker:
Patrick Botz is the principal consultant and founder of Botz & Associates, Inc. He has a wealth of experience particularly in the information security field as well as in the computer industry in general.

He joined IBM in Rochester, MN in 1989 where he held several positions. In 2005, Pat started and headed the IBM Lab Services Security Consulting practice where he worked with customers worldwide until he left IBM in November 2007.

Pat is also the author of numerous trade press articles and a co-author of the book “Expert’s Guide to OS/400 and i5/OS Security.” In addition, he is a world-wide speaker on various platform specific and general security topics.

When? September 29th, 2009 12:00 PM EST through 1:00 PM EST

Tel: 1-800-650-1801 (US)
Email: webcasts@systeminetwork.com

The Webinar is sponsored by SEA (Software Engineers of America), Raz-Lee’s partner, which successfully sells iSecurity in the US.

Impressions from Common '09

We’re back from Common, the annual “meeting of the minds” for Power i experts, and would like to share our impressions.

One obvious aspect was the mark of the recession – fewer people, but a lot more professionals. Only the real Power i experts attended – which was actually good in a way, since we held more to-the-point discussions with people about essential issues.

We had an enlightening meeting with leading IBM executives (at 06:45 AM… and totally jetlagged), at which Power i was hailed as one of the more successful IBM platforms.

In this meeting, we had a fascinating discussion about the future directions of Power i. I offered my own vision: the creation of an integrated GUI, however basic, to be used by Power i staff.

Also in this meeting, IBM executives described their innovative cooperation with the University of Nebraska-Lincoln, Iowa State University, and Wright State University, in which students will be taught core concepts based on IBM’s Power Systems and IBM i infrastructure. This is an admirable venture which could do much to expose IT pros to Power i and promote it. I would even be happy to take part in this project myself, and I hope it expands to other countries.

We had some very productive meetings – including sessions with Jeff Uehling, IBM System i Executive, with our US business partners – SEA and Innovatum, as well as with Linda Harty, System i Network’s Executive Editor, and Alex Woodie, IT Jungle’s Senior Editor.

There was a lot of interest in our booth and iSecurity product portfolio. Many customers stopped by our booth and described how they use our products. Our new Compliance Evaluator generated a lot of interest, and AP-Journal drew instant enthusiasm. A lot of customers asked about PCI compliance – which is a main concern for our customers.

In addition, I gave a presentation on “Tracking Application Activity via the DB-Journal: the Missing Dimension of Information Systems”, which discussed what DB-Journal offers and what it lacks, and how products like iSecurity AP-Journal cover users’ needs. The presentation was well-attended and sparked some interesting discussions. Feel free to contact me for more info on this.

Written by Shmuel Zailer, CEO, Raz-Lee Security
Email Shmuel Zailer at marketing@razlee.com

How Sufficient is IBM i's Integrated Security Infrastructure?

I recently ran into an interesting quote in System i News Magazine, January 2009:

“Not only is IBM i virus resistant, its object-based architecture provides integrated security based deep into the heart of the system. You don’t need to apply a multitude of security patches – because security is not an afterthought with IBM i”.

I couldn’t agree more. As VP Business Development at Raz-Lee Security, which has focused on software and security products for AS/400/IBM i since 1983, I can testify that security is indeed built into the IBM i to an extent that is unequaled on any other platform.

However, it’s important to emphasize the areas where IBM i only provides the infrastructure for security solutions, leaving it to each company – or to software providers like ourselves – to turn this infrastructure into something manageable and beneficial to CIOs, CSOs, auditors and system administrators.

Certainly the exit point architecture for protecting network access exists in vanilla OS/400; but were it not for a solution such as iSecurity Firewall, most organizations would not have the qualifications or resources to utilize these exit points.

The same goes for QAUDJRN log information; the information may all be there but its esoteric codes are unreadable without a solution such as iSecurity Audit which provides a useable front end to all this extremely valuable information.

OS/400 provides a wealth of password related system values and options; so many in fact, that a solution such as iSecurity Audit, which provides built-in password-related reports, a report generator and scheduler, is an absolute must.

And then there are capabilities that OS/400 simply does not provide; for example, an automatic operator facility (part of iSecurity Action) which can send real-time alerts and execute CL (command language) scripts in the case of a security breach.

And finally we reach the area I’ll call “Application Security”: using OS/400 facilities to secure the company’s business critical data. We’ve actually seen a growing trend over the past 2-3 years of companies’ growing interest in securing applications, as opposed to “infrastructure” (i.e. network access, QAUDJRN).

iSecurity’s flagship product in the area of “Application Security” is AP-Journal. This product utilizes the information in OS/400 journal receivers, which fill up quickly and become unmanageable, and stores it in special purpose containers. These containers store only updates/fields which were defined by the user as “significant” and are therefore much smaller than journal receivers.

For example, AP-Journal can “trap” changes to application fields which are beyond a user-defined threshold, so that when a change occurs, an e-mail or operator message is sent to notify management. And, because the containers can store years’ worth of data, AP-Journal can easily provide a timeline report of all changes made to a mortgage over numerous years.

Another capability touching on application security is iSecurity’s ability to “capture” (via iSecurity Capture) user green screen images, store them and play them back at a later date.

In conclusion, while the IBM System i does lay out a groundwork for security, you still need additional, professional applications such as those offered by iSecurity in order to actually exploit the features/information provided by IBM.

Written by Eli Spitz, VP Business Development at Raz-Lee Security.
Email Eli Spitz at marketing@razlee.com