Book Review: IBM Mainframe Security: Beyond the Basics

Security - Other
Typography
  • Smaller Small Medium Big Bigger
  • Default Helvetica Segoe Georgia Times

Beginners will have a strong foundation after reading this book. Experienced professionals will reference it frequently.

 

There are several factors in the information industry today that make IBM Mainframe Security: Beyond the Basics pertinent. The biggest one may well be summed up by this question: "What will you do when we're gone?"

 

My own career began with a job to pay for college tuition and grew for 35 years. I believe every one of my associates has come to their level of expertise more or less by a similar process of progressive accumulation of knowledge and skills, including formal education and training, on-the-job training, conferences, seminars, sharing among user groups, and a continually shifting set of challenges that called for new resolutionsnot to mention the painful but effective experience of problem solving. The most valuable contributions have undoubtedly been the insights, attitudes, and intellectual approaches that were learned from coworkers and associates.

 

That is "us." I humbly include myself in a group with Dinesh Dattani of somewhat self-styled mainframe security professionals. As a result of variations in Mr. Dattani's experiences, his book shows emphasis in places I wouldn't have thought; hence from it I learned new things. In this field, we learn from each other. And forgive me for saying so, fellow mainframers who grew up with this technology, but we are growing old and leaving the workplace. Mr. Dattani offers this book so that our hard-earned knowledge isn't lost into the sunset.

 

In his book, he includes quotations at the beginning of many chapters. These add interest, but don't judge them merely as amusements because they also capture some of the greatest pearls of mindset that a security professional can possess. This is just one of the ways this book proudly continues the tradition of sharing and handing down the collective wisdom of decades of security professionals.

 

There is a clear progression from a basic justification of information security practices, to the core aspects of the operating system security processes, followed by treatment of system-wide levels of RACF empowerment: System SPECIAL, System OPERATIONS, and System AUDITOR. This progression continues into DSMON and all its functions and reports, the role and valuable "tension" with the auditing functions, etc.

 

At each step in this journey, the reader is not merely exposed to a concept but is given actionable directions for implementation. For example, while reading the discussion of the overarching importance of continued use of DSMON, we are also provided with the syntactical details of every DSMON function and what each will produce, which allows the reader to code them directly into JCL and execute a job to achieve the results described.

 

Beginners will certainly have a stronger foundation after reading this book. Experienced professionals will reference it frequently. Whether this is a new arena for you or you need an occasional reminder of what something is or how and when you should be doing it, I recommend that you not let this book get away from you!

 

Edward Jasper

Edward (Kevin) Jasper is an Information Security Specialist and Consultant with a background developed on computer systems of some of America's largest banking, transportation, credit card, stock brokerage, and insurance firms. His corporate responsibilities have ranged from technician to Director of Information Security systems in mainframe and distributed technologies. Currently, he enjoys the personal benefits of a Midwestern city with his wife, daughter, and granddaughter while periodically venturing out to serve contracts around the country.

BLOG COMMENTS POWERED BY DISQUS

LATEST COMMENTS

Support MC Press Online

$

Book Reviews

Resource Center

  •  

  • LANSA Business users want new applications now. Market and regulatory pressures require faster application updates and delivery into production. Your IBM i developers may be approaching retirement, and you see no sure way to fill their positions with experienced developers. In addition, you may be caught between maintaining your existing applications and the uncertainty of moving to something new.

  • The MC Resource Centers bring you the widest selection of white papers, trial software, and on-demand webcasts for you to choose from. >> Review the list of White Papers, Trial Software or On-Demand Webcast at the MC Press Resource Center. >> Add the items to yru Cart and complet he checkout process and submit

  • SB Profound WC 5536Join us for this hour-long webcast that will explore:

  • Fortra IT managers hoping to find new IBM i talent are discovering that the pool of experienced RPG programmers and operators or administrators with intimate knowledge of the operating system and the applications that run on it is small. This begs the question: How will you manage the platform that supports such a big part of your business? This guide offers strategies and software suggestions to help you plan IT staffing and resources and smooth the transition after your AS/400 talent retires. Read on to learn: