Action Software and Audit Serve Presents
Two complimentary half-day z/OS Security Design and Technology Audit Training Sessions
Presented at the Churchill War Rooms in London 26th September 2017 and
at the Hampshire Hotel Rembrandt Square in Amsterdam 28th September 2017
AM Session: Risk Mitigation in z/OS via an extra Security Layer (2 CPEs)
PM Session: Securing loopholes in the z/OS Environment (3 CPEs)
These two half-day seminars will be free to attendees but the limited invitations will be restricted to those individuals who work for organizations that use z/OS or USS.
Action Software’s eventACTION and ussACTION products will be presented as alternate solutions for control deficiencies identified. However, it should be noted that 75% of the seminar content provides the IT background of these control deficiencies found within a z/OS and USS environments and the necessary control design required to mitigate these risks. CPE credits will also be issued for both the AM and PM sessions. All attendees to the London event will also be able to tour the Churchill War Rooms free of charge which includes audio headsets.
AM Session which includes Lunch
Risk Mitigation in z/OS via an extra Security Layer
Intended Audience: Financial, Risk & IT Management
The seminar is intended to brief management on the key vulnerabilities that are most common within the enterprise IT mainframe domain in which risk mitigation strategies are presented based on the functional components delivered by eventACTION and ussACTION.
- Implementing technical and organizational measures required to meet GDPR Article 25 - Data Protection by Design and Default
- Establishing containment measures required by GDPR Article 35 - Data Protection Impact Assessment
- Establishing controls required by SOX
- Establishing host-level controls mandated by PCI
- Overcoming the limited oversight of systems managed by vendors
PM Session which includes Lunch
Securing loopholes in the z/OS Environment
Intended Audience: Audit, Security and GRC Professionals
This seminar is intended to present 10 control design considerations within the mainframe systems development and Infrastructure areas which are in many instances unknown to the most experienced auditors, security and GRC professional. Alternative solutions will be presented which include incorporating eventACTION and ussACTION.
- Controlling JCL Changes and Job Scheduling system components
- Establishing change management processes to manage changes to z/OS and Unix systems datasets/directories
- Controlling and accounting for production support access
- Establishing a change control mechanism for changes to application software components
- Establishing controls over the privileged functions performed by data center operations
- Managing access to z/OS system processes which can bypass RACF security checking
- Managing changes to CICS and JES2 system definitions
- Establishing a secondary security-ring around z/OS and UNIX