
CorreLog Whitepaper: Enhancing z/OS Security Compliance

  • Writer: Pavan Raja
  • Apr 8, 2025
  • 5 min read

Summary:

This document, titled "11 Guidelines for Minimizing Vulnerability for IBM z/OS while Improving Compliance," emphasizes the importance of mainframe security in safeguarding sensitive data from breaches. With critical infrastructure relying on mainframes for financial transactions and for personal information such as credit card and health records, a secure environment is crucial. The whitepaper advises organizations to adopt guidelines from reputable sources such as the NIST Framework, Gartner's Security 2020 Scenario, and Long-Range Planning Guidance for Information Security and Risk Management. It advocates people-centric security strategies that extend to technologies like COBOL running on IBM mainframes, so that cyber threats can be combated effectively. The document also addresses the need for real-time monitoring through event logs, establishing a log management process with clear policies, and correlating multiple event logs for a better understanding of user and system activities. To enhance mainframe systems' performance, availability, and security, CorreLog suggests connecting them to a single console for improved management and prevention of unauthorized access. The document concludes with contact information for CorreLog, located in Naples, Florida.

Details:

The whitepaper "11 Guidelines for Minimizing Vulnerability for IBM z/OS while Improving Compliance", presented by CorreLog, emphasizes the criticality of mainframe security in data centers. Given the sensitive nature of the data stored on mainframes, including credit card and identity information, health records, and government records, a breach can have severe consequences. The whitepaper notes that sophisticated hacker techniques can go undetected for extended periods before being identified, as in the Target breach. It advises organizations to implement guidelines from reliable sources such as the NIST Framework, Gartner's Security 2020 Scenario, and Long-Range Planning Guidance for Information Security and Risk Management, and it stresses the risk management basics established by NIST and the need for long-range planning to maintain information security across critical infrastructure.

The whitepaper highlights the importance of adopting people-centric security strategies to secure enterprises against breaches, especially after the numerous high-profile breaches at Target, Neiman Marcus, Sally Beauty Supply, and the University of Maryland. It argues that traditional cybersecurity measures are becoming obsolete and suggests shifting to more modern approaches such as internal monitoring and sharing of security intelligence, which must cover technologies like COBOL running on IBM mainframes that process financial transactions globally. It also references the common industry message that every enterprise will eventually be breached, urging organizations to minimize the damage by implementing effective computer security incident response teams (CSIRTs) and developing comprehensive security management strategies.

The whitepaper traces the evolution of mainframe security since the 1980s, when mainframes were considered isolated and locked down because of their role in government and industry for nearly 50 years. With the proliferation of the HTTP protocol over TCP/IP, however, mainframes have become more interoperable than ever before, creating a new cyber threat environment in which breaches are reported frequently. While organizations such as SHARE.org and the MIS Training Institute exist to address these issues, they are largely driven by vendor interests, and the whitepaper calls on governments and industries to come clean about cyber threats in order to combat them effectively. It cites the high-profile data breaches at Target, Neiman Marcus, and the University of Maryland as examples of how sensitive information can be compromised, even from mainframes.

The goal, in short, is to enhance the performance, availability, and security of mainframe systems by connecting them to a single console for better management. The challenge is to deal with IT complexity while making it difficult for hackers to breach the system. Interoperability has advanced, but real-time monitoring through event logs remains crucial: all event logs should be collected immediately for remediation and forensic analysis, and a log management process and policy should be established that applies across both distributed and mainframe environments. Key points:

1. Event logs should be collected in real time rather than processed in batch mode; this is crucial for immediate response to cyber threats.
2. Implementing a log management process with clear policies ensures comprehensive collection of event log data across different systems and environments.
3. These practices make the mainframe less vulnerable by providing better visibility into user and system activities.
4. The aim is a more secure environment that deters hackers from attempting a breach, with the consequences faced by Target's CIO over lax security measures as the cautionary example.

The whitepaper then discusses correlating multiple event logs to understand user or system behavioral patterns, which helps identify anomalies that might indicate threats. It points to mechanisms like the CorreLog Agent for IBM z/OS, which converts z/OS SMF records into RFC 3164-compliant Syslog messages for the security operations center. Key points:

1. Knowing which event logs are most important to correlate is crucial for security analysis; correlation can reveal consistent but mundane patterns as well as anomalies that require further investigation.
2. Specific requirements include monitoring administrator access, keeping an audit trail for DB2, collecting mainframe events from security subsystems such as RACF®, ACF2, and CA Top Secret, tracking TSO logons/logoffs and invalid accesses, and monitoring access to credit cardholder data by user privilege.
3. All of these requirements are pertinent to compliance standards including PCI DSS, HIPAA, SOX, FISMA, and NERC, among others.

Finally, the whitepaper stresses securing mainframes because they are connected to the internet and handle sensitive data such as credit card information and personal identity details. Although generally considered secure, mainframes face increased threats from open-source software and the inability to lock them down. To address this, the author recommends a three-step process: collect the relevant event data according to standards like PCI DSS, correlate all collected data across platforms, and use an alerting system for immediate detection of potential breaches. The success the author's company has had implementing this approach with clients is offered as evidence of its effectiveness.

Contact information for CorreLog:

1. Address: Naples, Florida, postal code 34110.
2. Telephone: 1-877-CorreLog or (239) 514-3331.
3. Email: info@correlog.com.
4. Website: www.correlog.com.
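The collect-correlate-alert loop described above, shown as an added example that is not part of the whitepaper and not CorreLog's agent code: it parses RFC 3164 syslog lines (the real header format the agent is said to emit, with PRI = facility * 8 + severity), extracts TSO logon outcomes, and correlates them per user over a sliding window so that a burst of invalid logons, or a success right after such a burst, raises an alert. The hostname MVSPRD1, the tag SMFAGENT, the "TSO LOGON FAILED/OK USER=..." payload wording and the sample lines are all constructed for this example; the fields a real SMF-to-syslog conversion carries will differ.

```python
import re
from collections import defaultdict
from datetime import datetime

# RFC 3164 priority: PRI = facility * 8 + severity. Facility 4 is "auth"
# (security/authorization messages); severities 4 and 6 are warning and info.
FACILITY_AUTH = 4
SEV_WARNING = 4
SEV_INFO = 6

# RFC 3164 header: <PRI>TIMESTAMP HOSTNAME TAG: MSG, where TIMESTAMP is
# "Mmm dd hh:mm:ss" with a space-padded day and no year.
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<tag>[^:\s]+): (?P<msg>.*)$"
)

# Payload patterns are CONSTRUCTED for this example; a real SMF-derived
# message carries whatever record fields the agent is configured to emit.
FAIL_RE = re.compile(r"TSO LOGON FAILED USER=(?P<user>\S+)")
OK_RE = re.compile(r"TSO LOGON OK USER=(?P<user>\S+)")


def format_rfc3164(severity, timestamp, host, tag, msg, facility=FACILITY_AUTH):
    """Build an RFC 3164 line from its parts (timestamp already formatted)."""
    return f"<{facility * 8 + severity}>{timestamp} {host} {tag}: {msg}"


def parse_rfc3164(line):
    """Split an RFC 3164 line into its fields; return None for non-syslog input."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))
    return {
        "facility": pri // 8,
        "severity": pri % 8,
        "timestamp": m.group("ts"),
        "host": m.group("host"),
        "tag": m.group("tag"),
        "msg": m.group("msg"),
    }


def correlate_tso_logons(lines, threshold=3, window_seconds=300):
    """Correlate per-user TSO logon outcomes over a sliding time window.

    Returns (kind, user, failure_count) tuples for two conditions a SOC
    wants to see: `threshold` failures inside the window, and a successful
    logon that follows at least `threshold` recent failures.
    """
    recent_failures = defaultdict(list)   # user -> timestamps of recent failures
    alerts = []
    for line in lines:
        ev = parse_rfc3164(line)
        if ev is None:
            continue                      # not syslog; a real pipeline would count these
        # RFC 3164 has no year, so strptime yields 1900; same-day deltas are fine.
        ts = datetime.strptime(ev["timestamp"], "%b %d %H:%M:%S")

        m = FAIL_RE.search(ev["msg"])
        if m:
            user = m.group("user")
            kept = [t for t in recent_failures[user]
                    if (ts - t).total_seconds() <= window_seconds]
            kept.append(ts)
            recent_failures[user] = kept
            if len(kept) == threshold:    # fire once per burst, not on every extra failure
                alerts.append(("REPEATED_FAILURES", user, len(kept)))
            continue

        m = OK_RE.search(ev["msg"])
        if m:
            user = m.group("user")
            kept = [t for t in recent_failures[user]
                    if (ts - t).total_seconds() <= window_seconds]
            if len(kept) >= threshold:
                alerts.append(("SUCCESS_AFTER_FAILURES", user, len(kept)))
            recent_failures[user] = []    # a success closes the burst
    return alerts


# Constructed sample feed: host, tag, users and payloads are invented here.
SAMPLE_SYSLOG = [
    "<36>Apr  8 09:00:05 MVSPRD1 SMFAGENT: TSO LOGON FAILED USER=PAYROLL3 TERMINAL=TCP00041 REASON=PASSWORD",
    "<36>Apr  8 09:00:09 MVSPRD1 SMFAGENT: TSO LOGON FAILED USER=OPER1 TERMINAL=TCP00012 REASON=PASSWORD",
    "<36>Apr  8 09:00:41 MVSPRD1 SMFAGENT: TSO LOGON FAILED USER=PAYROLL3 TERMINAL=TCP00041 REASON=PASSWORD",
    "<36>Apr  8 09:01:17 MVSPRD1 SMFAGENT: TSO LOGON FAILED USER=PAYROLL3 TERMINAL=TCP00041 REASON=PASSWORD",
    "<36>Apr  8 09:01:52 MVSPRD1 SMFAGENT: TSO LOGON FAILED USER=PAYROLL3 TERMINAL=TCP00041 REASON=PASSWORD",
    "<38>Apr  8 09:02:03 MVSPRD1 SMFAGENT: TSO LOGON OK USER=PAYROLL3 TERMINAL=TCP00041",
    "<36>Apr  8 09:05:00 MVSPRD1 SMFAGENT: TSO LOGON FAILED USER=BATCH2 TERMINAL=TCP00077 REASON=PASSWORD",
    "<36>Apr  8 09:15:00 MVSPRD1 SMFAGENT: TSO LOGON FAILED USER=BATCH2 TERMINAL=TCP00077 REASON=PASSWORD",
    "<36>Apr  8 09:25:00 MVSPRD1 SMFAGENT: TSO LOGON FAILED USER=BATCH2 TERMINAL=TCP00077 REASON=PASSWORD",
    "<38>Apr  8 09:25:30 MVSPRD1 SMFAGENT: TSO LOGON OK USER=BATCH2 TERMINAL=TCP00077",
    "this line is not syslog at all",
]


def main():
    for kind, user, count in correlate_tso_logons(SAMPLE_SYSLOG):
        print(f"{kind:24} user={user} failures_in_window={count}")


if __name__ == "__main__":
    main()
```

With the defaults, only PAYROLL3 trips both rules: four failures inside two minutes, then a success. BATCH2's three failures are spread ten minutes apart, so a five-minute window never holds more than one of them, and OPER1 fails once; this is the difference between a correlation rule and a plain count, and the window and threshold are the knobs a SOC tunes against its own baseline of mundane failures.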

Disclaimer:
The content in this post is for informational and educational purposes only. It may reference technologies, configurations, or products that are outdated or no longer supported. If you have any comments or feedback, kindly leave a message and it will be responded to.
