Select Page

Custom Trainings
Learn from the IT Security and Compliance from Experts

Get well prepared and ready for your security and compliance missions.

We provide you with tailored education and training in the fields in which you have demands or challenges.


N
z/OS-related training (RACF, USS, etc.)
N

SF solution training

N

non-SF solution training (e.g. Splunk, etc.)

Contact us and tell us more about your demand and focus.

Location

This workshop is exclusively offered as an inhouse training. You must supply the room, beamer, overhead projector, flip chart, and access to the z/OS system.

Participants

z/OS system programming, RACF and Security Server administration, auditing, IT security, and the UNIX departments.

}

Time

1.5 up to 2 days.

Number of Participants

Up to 10 internal employees; external employees are not permitted.

Cost

Upon your request

Training Material

Included.

Are you interested in this leading know-how?

 

Please don't hesitate to contact us through our contact form below or by our worldwide toll-free phone number ++800-37333853 (++800-DRFEDTKE) 
or an e-mail to training@enterprise-it-security.com

Trainings to the max.

Training Services

Our individualized training will make your teams strong and competent in all relevant fields. Just let us know your demands and we will prepare the required knowledge transfer for you.

News & IT Security Forum

System REXX and BCPii are the ”next APF“

If you look back along the evolutionary steps of mainframe security, APF libraries play a leading role – due to their “superpower.” Until the 1980s, “almost anyone” working on a mainframe was able and allowed to define one themselves. In most cases, there was no APF library protection at all. Then there was a phase where APF-related auditing received more and more attention, and correspondingly became an important audit issue.

The attention that “APF” received as a security risk has continued to increase over time. Today, it has almost reached the highest level of awareness: only a very few members of a company’s mainframe team are allowed to define a new APF library or update existing ones. Any such action requires prior permission, not just some documentation after it has happened. On our customer visits, we have seen companies where a new APF library requires not only an official change request, but up to “5 signatures.” Otherwise, you lose your job. Correspondingly, relentless monitoring and compliance reporting has become standard for the “APF” risk, resulting in real-time security alerts by a SIEM if corresponding rules are bypassed.

So far, so good. Now that there is great awareness of “APF,” the question will be if the entire mainframe security mission has now been accomplished? Or what’s the next superpower, following “APF,” that mainframe users need to focus on?

Based on our worldwide penetration testing experience, we have determined that “System REXX” and “BCPii” are two further members of the superpower league; both are good candidates for becoming the next “big focus.” In recent years, both z/OS features have been improved so that they are now “easy-to-use” functions. But there is no free lunch. As a consequence, highly critical operations became minimally complex, and you have to “pay” the price for setting up gap-free security measures. User-friendly and easy-to-use superpower features are an invitation to attackers. Complexity is a kind of protection. Compared to assembler programming or disassembling machine code, REXX programming is pretty trivial!

This is why SF-Sherlock focuses intensively on both of these areas. Please feel free to contact us to discuss additional details of what is necessary to properly protect System REXX and BCPii.

Join our newsletter list

Worldwide toll-free phone number

+800 - 37 333 853
or simply dial:
+800 - DRFEDTKE

Alternatively:
+41 (0)41 710 7444

(+ represents the prefix for international calls; in most countries it is 00, and you have to dial 00800-37333853; in the U.S. it corresponds to 011, and you have to dial 011-800-37333853)

Find Us

Headquarters

Seestrasse 3a, 6300 Zug, Switzerland

Visitors & Training

Dammstrasse 19, 6301 Zug, Switzerland

Social Media

Xing → Linkedin →

Write Us

Marketing
marketing@enterprise-it-security.com
copy the address

Technical support and hotline
hotline@enterprise-it-security.com
copy the address

Legal and compliance
legal@enterprise-it-security.com
copy the address

error: Content is protected!