Partner TechTip: The Auditor Needs to See WHAT?

Typography
  • Smaller Small Medium Big Bigger
  • Default Helvetica Segoe Georgia Times

PowerTech Compliance Monitor v3.0 ushers in the next generation of advanced audit reporting for IBM i.

 

Audits are a way of life in today's regulated world. Whether it's Sarbanes-Oxley (SOX), the Payment Card Industry (PCI), or the multitude of other government and industry standards, few organizations escape the reach of one or more of these regulations. Unfortunately, there are few things that drive fear into the heart of IT personnel more than the arrival of an auditor: "What are they going to ask to see?" "Do I have to explain what *JOBCTL means again?" "How can I get all my normal work done when I have to figure out how to report on the very information that will be used to penalize me?"

 

Anyone who has survived an IT audit will agree that there are two main challenges with the process. First, auditors often speak a different "language" from the staff charged with maintaining and securing these systems. Auditors are trained in general IT standards like COBIT, compensating controls, and regulatory compliance. In contrast, security officers and administrators understand special authorities, public access, and system values. Second, an auditor typically is there to find issues with your configuration rather than help with risk evaluation and mitigation. This is complicated further when the auditor doesn't understand the nuances of IBM i—or the hardware on which it runs—and simply requests one report after another.

 

To minimize the impact of an audit, and the common challenges that it entails, you can turn to PowerTech's Compliance Monitor. Powerful reporting capabilities make light work of generating the information that auditors need to see, including scorecards of policy compliance, numerous configuration measurements, and forensic analysis of the IBM i security audit journal. In addition, Compliance Monitor links to an extensive Compliance Guide that's designed to help bridge the gap between the two camps by explaining popular audit standards and providing recommendations for best practices.

 

As you sip your coffee and read this article, Compliance Monitor  version 3 is shipping, marking the official arrival of the next iteration of the most powerful reporting solution available for IBM i.

 

Compliance Monitor 3 eliminates the need to install custom software on the console PC, making information even more accessible to authorized users—including auditors! In its place, you'll find a powerful browser-based interface that makes it easy to specify report requirements and to present the collected information (see Figure 1).

 

030411HelpCM3

Figure 1: PowerTech Compliance Monitor 3 offers a new browser-based interface that simplifies audit reporting. 

 

Compliance Monitor 3 also provides an "intelligent" pre-checker utility that helps you verify that your server meets the requirements for the new version. You can run the pre-checker in advance so your install (or upgrade from a previous version) proceeds successfully. A new automated install process performs most of the necessary configuration, so you can be up and running faster and generating reports sooner. Additionally, a number of infrastructure enhancements translate into better performance and improved reliability.

 

Compliance Monitor 3 adds several new reports to its already extensive resume, including a predefined report category designed exclusively to help gaming organizations comply with Nevada's Minimum Internal Control Standards (MICS). Other new reports cover security system values added in IBM i 6.1, native and IFS object reports, and authority adoption information.

 

Of course, all the powerful features that previously established Compliance Monitor as the premier audit solution—consolidated reporting across partitions, compliance scorecards, scheduled collections, and powerful filtering and forensic analysis of audit journal events—are still there in Version 3.

 

You might think we're going to sit back and relax after all this excitement, but we feel that an investment in PowerTech solutions is an ongoing investment. We've already identified additional exciting enhancements for the entire product suite, and our development team is dedicated to maintaining the momentum.

 

For more information on Compliance Monitor, click here. And don't forget to check out the other products in the PowerTech line of security solutions.

as/400, os/400, iseries, system i, i5/os, ibm i, power systems, 6.1, 7.1, V7,

Robin Tatam

Robin Tatam is the Director of Security Technologies for PowerTech, a leading provider of security solutions for the System i. As a frequent speaker on security topics, he was also co-author of the Redbook IBM System i Security: Protecting i5/OS Data with Encryption. Robin can be reached at 952.563.2768 or This email address is being protected from spambots. You need JavaScript enabled to view it..

BLOG COMMENTS POWERED BY DISQUS

LATEST COMMENTS

Support MC Press Online

$

Book Reviews

Resource Center

  •  

  • LANSA Business users want new applications now. Market and regulatory pressures require faster application updates and delivery into production. Your IBM i developers may be approaching retirement, and you see no sure way to fill their positions with experienced developers. In addition, you may be caught between maintaining your existing applications and the uncertainty of moving to something new.

  • The MC Resource Centers bring you the widest selection of white papers, trial software, and on-demand webcasts for you to choose from. >> Review the list of White Papers, Trial Software or On-Demand Webcast at the MC Press Resource Center. >> Add the items to yru Cart and complet he checkout process and submit

  • SB Profound WC 5536Join us for this hour-long webcast that will explore:

  • Fortra IT managers hoping to find new IBM i talent are discovering that the pool of experienced RPG programmers and operators or administrators with intimate knowledge of the operating system and the applications that run on it is small. This begs the question: How will you manage the platform that supports such a big part of your business? This guide offers strategies and software suggestions to help you plan IT staffing and resources and smooth the transition after your AS/400 talent retires. Read on to learn: