AS400 security, audit and control

Please note this is a Short Discount publication. Written by a regular user and auditor of the AS400 - this manual is aimed at computer auditors and IT security personnel. The objectives of this manual are to provide a comprehensive and practical guide to the security aspects of the AS400. The manual contains step-by-step coverage of the security features that IBM have built into each AS400 into the security structure of the company, it will help the user check the adequacy and effectiveness of the organizations current security strategy. The manual is completely up to date and includes the latest enhancements to security incorporated into Version 2 Releases 1 and 2 of the operating systems. Commencing with an overview of AS400 hardware, software and application security, the manual details security features and the procedural controls necessary to overcome or minimize their associated risks. Access methods are outlined, in particular password controls; and the procedures for saving and restoring changes to security settings are described. The management issues of security administration for the system are discussed, looking at the basics of establishing and maintaining security. This is followed by a section on performance management and monitoring, with considerations of how the overhead security imposes on the performance of the system may be reduced without compromising controls. The manual concludes detailing audit and the use of audit of an AS400.

Overviews: AS400 overview. AS400 security overview. Creating a Secure Environment: Security features. User profiles and authorities. Password security. Backup and recovery. Security Administration: Solving user access problems. Performance Management and Monitoring: System management. System management monitoring. System access monitoring. Security overhead. Auditing and Audit Use of the AS400: AS400 audit. AS400 file interrogation. Use of query by auditors. File transfer from AS400 to a PC.