RACF - Audit for Results
IBM Systems
Training
Provided by RSH Consulting, Inc.
This course is designed for auditors (and auditees) who
want to identify vulnerabilities in a RACF-protected z/OS
mainframe and bring the system into compliance with
legally mandated security requirements. Much more than
just a simple "how to audit" class, this fast-paced and
technically rich course will arm you with an extensive list
of RACF implementation holes and precise instructions on
how to find them. It is packed with descriptions of
common exposures we have uncovered while reviewing
nearly one hundred implementations of RACF. By the end
of this course, you will have a solid understanding of
RACF, familiarity with implementation "best practices",
and comprehensive knowledge of the tools and techniques
for evaluating the current state of RACF protection. Even
an experienced auditor or administrator will leave with a
long list of additional RACF control options to review.
|
|
||||||||||||
RACF - Audit for Results
1. RACF Concepts
a. Introduction to RACF
b. Profiles & relationships
2. Users
a. Identification & authentication
b. Password composition & options
c. User profile contents & segments
d. RACF commands and reports for users
3. Groups
a. Concepts, hierarchy, & functions
b. Group profile contents & segments
c. RACF commands and reports for groups
4. Resource Protection
a. Concepts
b. Resource profiles - generic & discrete
c. OPERATIONS & privileged access authorities
d. Access permissions & authorization process
5. Datasets
a. Dataset basics & protection
b. Dataset profiles & contents
c. PROTECTALL & TAPEDSN control options
d. RACF commands and reports for datasets
6. General Resources
a. Resource types, names & protection
b. General Resource profiles & contents
c. RACF commands and reports for resources
7. JES-related Controls
a. Started Task identification
b. Batch job controls (e.g., SURROGAT)
8. DASD Storage Administration
a. STGADMIN FACILITY profiles
b. DASDVOL profiles
9. System Product Controls
a. Unix System Services (USS) - BPX profiles
b. TSO-related class profiles & permissions
c. CICS - transaction & command protection
10. Logging & Reporting
a. SETROPTS & profile monitoring options
b. Reporting tools
11. Administrative Authorities
a. System & Group level SPECIAL & AUDITOR
b. Group connect authorities
c. Class authorization and FIELD profiles
d. Policies, standards, and staffing
12. RACF Configuration
a. Exits & customization
b. Database backup and maintenance
13. RACF Audit Plan, Process, & Tools
a. Introduction to RACF
b. Profiles & relationships
2. Users
a. Identification & authentication
b. Password composition & options
c. User profile contents & segments
d. RACF commands and reports for users
3. Groups
a. Concepts, hierarchy, & functions
b. Group profile contents & segments
c. RACF commands and reports for groups
4. Resource Protection
a. Concepts
b. Resource profiles - generic & discrete
c. OPERATIONS & privileged access authorities
d. Access permissions & authorization process
5. Datasets
a. Dataset basics & protection
b. Dataset profiles & contents
c. PROTECTALL & TAPEDSN control options
d. RACF commands and reports for datasets
6. General Resources
a. Resource types, names & protection
b. General Resource profiles & contents
c. RACF commands and reports for resources
7. JES-related Controls
a. Started Task identification
b. Batch job controls (e.g., SURROGAT)
8. DASD Storage Administration
a. STGADMIN FACILITY profiles
b. DASDVOL profiles
9. System Product Controls
a. Unix System Services (USS) - BPX profiles
b. TSO-related class profiles & permissions
c. CICS - transaction & command protection
10. Logging & Reporting
a. SETROPTS & profile monitoring options
b. Reporting tools
11. Administrative Authorities
a. System & Group level SPECIAL & AUDITOR
b. Group connect authorities
c. Class authorization and FIELD profiles
d. Policies, standards, and staffing
12. RACF Configuration
a. Exits & customization
b. Database backup and maintenance
13. RACF Audit Plan, Process, & Tools
About The Training Provider: RSH Consulting, Inc.
RSH Consulting, Inc. - RSH Consulting, Inc. is dedicated to helping clients strengthen their IBM mainframe security by fully exploiting all the capabilities and latest innovations in RACF. We offer introductory and advanced public and in-house training in implementing, administering, and auditing RACF.
