The vast majority of mission-critical
applications and data still reside on IBM Enterprise Servers. Yet,
the security of the mainframe has largely
been ignored in recent years because of a common misperception that
the mainframe environment is somehow stable and mature. In reality, many
organizations never fully completed their implementations of
security while others have not properly
maintained or updated them to take advantage of recent enhancements. RSH Consulting's services can be invaluable
in addressing these vital concerns.
We excel in
implementing and enhancing RACF. This has always been our core
service and is the area of greatest strength and depth in the
background and experience of our consulting staff. Follow the links below to
learn more about how RSH can help you:

Beat the auditors and regulators to the punch -- find and
fix the problem before they show up!

Unsure where to begin or how to tackle certain tasks -- let
us guide you.

Give RACF a solid foundation and framework -- we can help
you develop the necessary policies, standards, and naming

Is your RACF cumbersome to administer -- let us help you
streamline your architecture and automate administrative

Trying to consolidate and harmonize RACF databases -- we have
tools and talent to help you get the job done.

Don't have the time or expertise -- we can provide both.

Security Reviews & Audits
An essential starting point in any effort to enhance
RACF is a thorough examination of your current implementation. Our
reviews encompass every aspect of RACF controls -- user
identification and authentication, dataset protection, monitoring,
general resource protection, and security administration.
Evaluating RACF options and profiles
is only a part of what RSH delivers. We
look beyond RACF to examine security policies, administrative practices
and procedures, and the security-related interfaces and
configuration parameters in other system software because they
substantially influence the effectiveness of RACF and your overall
mainframe security. We
are often able to identify and help resolve organizational and procedural roadblocks to the
implementation of sound controls.
For organizations subject to the
provisions of the Sarbanes-Oxley Act,
we focus on controls specific to your financial application along
with the overall RACF controls. Of particular
interest to us are the protections afforded databases, transactions,
and resources related to these systems.
Our review efforts are aided by an extensive set of
in-house developed software tools. However, we firmly
believe software alone cannot substitute for thoughtful analysis. A
hallmark of our reviews is the intense effort we devote to
thoroughly understanding the unique nature and complexities of each client's system environment
and implementation of RACF. This enables us to uncover subtle vulnerabilities that have left them
Our reports are unmatched for their
breadth and depth of information. We use them as a tool for
knowledge transfer. Every report offers both practical
recommendations and implementation advice. We also make it a point
to praise good control practices as well as identify concerns.
Mentor & Advisor
Are you faced with
the task of trying to:
Lock down Started
Unix System Services
storage administration authorities
Develop RACF exits
JES and SDSF
the latest RACF features
requirements of HIPAA, SOX, and PCI
We can provide
just the right amount of timely, helpful advice, suggestions, and
guidance needed to kick-start your efforts, maintain your momentum,
and keep you on track. A few minutes with our knowledgeable staff
can save you hours of research and frustration. Plus, we can alert
you to potential problems and any pitfalls to avoid before you
stumble on them.
Policies & Management
understands the ground rules can make a huge difference in whether
RACF is properly implemented and maintained. It is not uncommon for
us to trace the source of technical control problems back to policy
deficiencies. We will work with your security, technical support,
and audit staffs to craft policies and standards that will encompass
your entire mainframe software environment and address everyone's
needs and views. Our extensive document templates and prior
experience can make short work of this effort.
We can also help
you establish or improve your overall security management program.
Our services include developing general security policies,
establishing data ownership, designing naming conventions, and
helping to justify additional security staff and resources.
Architecture & Automation
Ill-conceived or haphazardly
maintained group architectures and naming conventions can be a
nightmare to administer. We can unscramble the current structure and
devise a new one that eases your burden. We are especially adept at
redesigning and refining large-scale implementations of RACF using
role-based access control concepts.
This effort ordinarily involves
determining resource ownership, defining a group hierarchy
compatible with your organizational structure, establishing or
revising profile naming conventions, migrating existing users into
the new architecture, and adjusting group administrator authority.
To support new or existing
architectures, we can create automated tools to assist you with RACF
administration and help to maintain quality assurance. This often
includes building software interfaces with your Human Resources
system to automatically manage user creation, termination, transfer,
and authority. This service is particularly valuable if you are
planning to implement user provisioning software as it prepares your
RACF for an easier installation.
We can also develop RACF reports
unique to your organization to assist with common administrative
tasks and control monitoring. Our favorite software tool is REXX,
which facilitates rapid development and is simple to maintain.
Synchronize & Merge
Whether you are planning to consolidate RACF databases or implement
RACF Remote Sharing Facility (RRSF), the effort to synchronize and
harmonize independent RACF databases and implementations can be
a complex process. It requires identifying and resolving differences
and mismatches in RACF tables, SETROPTS options, group structures,
profiles, segments, and permissions. It may necessitate changes to
such items as Started Task USERID assignments, Unix System Services
permissions, and configuration parameters within JES and other
RSH has both the experience and
help you complete this effort successfully and with a minimum of
difficulties. We can assist you every step of the way -- from
initial planning and analysis to implementation of changes and final
activation. We have software tools designed to pinpoint critical
profile differences, and we can offer you effective recommendations
for addressing them. The experience
we have gained in past projects allows us to recognize potential
roadblocks in advance and determine which situations may turn out
to be more complex than anticipated. This enables us to help you set
realistic milestones and to reach those milestones on time and
Enhancement & Assistance
We can help you with almost any RACF
implementation task imaginable and our role and services can be very
flexible to meet your specific needs. Moving beyond mentoring and
advising, our staff can assume responsibility for specific projects
to implement new controls or refine existing ones. We can perform
the work entirely on our own or as members of a team combined with individuals from your
staff. Whatever the role, one of our primary objectives is knowledge
transfer. We want you to have a clear understanding of what we did
and why so that you can maintain the controls thereafter.