IBM i & i5/OS Security & Compliance: A Practical Guide

Get a fresh look at the world of IBM i and i5/OS security in this comprehensive book by one of the industry s leading authorities on security. Security consultant Carol Woodbury takes her extensive experience designing and implementing security on IBM systems and makes it relevant for today s world. Throughout the book, she discusses issues that organizations need to address for compliance requirements, providing best practices as well as alternatives and options for compensating controls when best practices cannot be applied. Building on the foundation laid by the popular Experts Guide to OS/400 & i5/OS Security, this edition features completely updated information throughout. New chapters address compliance requirements for IBM i, implementing role-based access (RBAC), implementing object-level security, and creating a security incident response plan. Carol Woodbury s methodology for implementing object-level security is described in detail. Topics include determining a system s current settings, default access requirements, process access, and the rollout of new application security models. The book presents this information in a clear and informative way that lets even non-security professionals understand and apply the concepts. This book is a must-read for any auditor, system administrator, security officer, or compliance officer who works with IBM i or i5/OS.

Contents
Chapter 1: Security The Real Reason You re Reading This Book
Chapter 2: Policies and Procedures
Chapter 3: Security at the System Level
Chapter 4: The Facts About User Profiles
Chapter 5: Service Tools Security
Chapter 6: Object-Level Security
Chapter 7: Security Considerations for the IFS
Chapter 8: Securing Your Printed Output
Chapter 9: Encryption
Chapter 10: Connecting to the System
Chapter 11: Internet Security
Chapter 12: Evaluating Applications Current Implementations and Designing New Ones Chapter 13: Role-based Access (RBAC)
Chapter 14: Role-based Access for IT
Chapter 15: Auditing
Chapter 16: Implementing Object-Level Security
Chapter 17: Maintaining Compliance
Chapter 18: Preparing for the Worst: Creating a Security Incident Response Plan Chapter 19: Creating a Security Awareness Program


About the Author
Carol Woodbury is president of SkyView Partners, Inc., a firm she co-founded in 2002 that specializes in security policy compliance software and remediation services. Carol has worked in the field of security since 1990. She worked for IBM in Rochester, Minnesota, for 16 years, the last 10 of which were spent as team leader of the OS/400 security development team and chief engineering manager for AS/400 security. Carol is an award-winning speaker who speaks around the world on the topic of security. She is also an award-winning writer and serves as a technical expert on security topics for numerous publications