Hypersecurity LLC IBM (iSeries) Audit Services

Recent e-commerce and e-business initiatives have inspired companies to move toward an open, distributed network-computing environment with the goal of enabling employees, customers, partners, suppliers, and distributors to easily exchange and access information critical to an organization’s functions and existence.   As we know, these same networks create vulnerabilities that allow disgruntled or malicious workers, hackers, and other attackers to wreak havoc on an organization’s systems through fraud and vandalism.  Because of this threat, organizations must ensure the confidentiality, integrity, and availability of their critical information assets or risk jeopardizing their reputation, brand equity, and corporate compliance status.  Properly maintaining these assets is what drives the demand to effectively manage information security.  When it comes to iSeries, Hypersecurity can help your organization:

·         Ensure proactive protection for your iSeries systems

·         Assess compliance of your iSeries systems with policies, standards, and other important security drivers

·         Implement real-time intrusion protection for your critical iSeries information assets

·         Meet regulatory data and log review requirements

·         Improve and further secure the user management process

·         Assure performance and availability of your critical iSeries systems.

 

Independent iSeries Security Assessments

Hypersecurity’s iSeries security assessment and review is designed to review the settings within the iSeries operating system (OS/400) that are related to system security.  This includes the system values, network attributes, user profiles and object authorities.  As the main deliverable of this review, our clients receive a comprehensive report that lists the security findings as rated within four classifications:

·         High – A serious weakness that can compromise OS/400 integrity controls and should be addressed immediately;

·         Medium – A potential weakness in system integrity controls that could develop into an exposure and would be cited as a material deficiency in a regulatory audit;

·         Low – An area that should be addressed because it does affect overall system security, but is not a critical weakness, and/or it should be "cleaned up" for either maintenance or efficiency reasons;

·         Comment – No corrective action is required.

The typical security assessment will include the following workflow items:

·         On-site project kickoff meeting in order to prepare engagement agenda and establish your expectations

·         Reviews of:

                   -   Q* library security and object authority

                   -   Access to QSECOFR and all other Q* user profiles

                   -   System Value settings and parameters

                   -   User Profile settings and parameters

                   -   Exit point security and current remote request management capabilities

                   -   Network attributes

                   -   Objects which inherit (adopt) authority

                   -   Communications configuration settings

                   -   Many other review activities that are noted in the final report

·         Review of findings and actions taken

·         And a project wrap-up and report, including recommendations and next steps. 

 

Using the final report, Hypersecurity will work to help you better understand how iSeries security impacts your business processes, help you create a security plan, and ensure that you understand how to start implementing the recommendations.  Hypersecurity’s ultimate goal is to evaluate your iSeries security environment, help educate you on the “what and why” of any identified security issues, and leave your organization with an action plan that will make a difference in your overall security posture!

 

Managed iSeries Security Services

Security and systems expertise for the IBM i (iSeries) is difficult to obtain and/or maintain in a majority of organizations.  Our managed security solution offers operational efficiency by allowing your organization to outsource daily, weekly, and monthly iSeries security administration and monitoring functions.

 

Regulatory compliance is enhanced because the required audit and security functions are managed and monitored by an objective and independent group of iSeries security professionals.  Hypersecurity LLC is a provider of security consulting, services, and assessments for the IBM i (iSeries) platform, with an experienced iSeries security team.

 

Back