HG70: How to Audit Cross-Platform Applications
- Currently available for in-house sessions
Please click: Here for Registration Form
For more information on seminar dates, locations, and hotels, and how to register, please click here:
Schedule/Registration/Locations/Hotels for IS Audit Training
This class shows you how to audit the protection of an application's data when the data is kept on a mainframe computer connected to other platforms (that is, other models of computer such as UNIX, WIndows, Novell, and others).
You will learn how to identify all the platforms involved and the network connections between them. Even if you aren't familiar with all the platforms, you will learn a straight-forward, simple approach to collect and analyze information on the security of each platform, and on the security of the entire cross-platform architecture. You will then learn how to audit the protection over your application's data in the light of these findings.
HG70: You Will Learn:
- How to determine what platforms are involved and how they are connected
- How the underlying hardware and software work
- Where the control points are and how to evaluate them
- What data to collect and how to interpret it
- How to conduct the audit, from planning and scoping through follow-up
- What all the related buzzwords and acronyms mean
- How to conduct the audit rapidly and efficiently, with maximum benefit to your organization
The workbook is a valuable reference and includes a complete audit program.
Who Should Attend HG70?
- Information Techology auditors who will be auditing cross-platform applications
- Financial auditors who want to learn more about IT auditing
Class Outline
Table of Contents and Class Outline:
HG70: How to Audit Cross-Platform Applications
I Keywords and Concepts
A. Introduction
B. How Common Security Concepts are Reflected on Different Platforms
C. How Connecting Different Platforms Affects Security
D. What to Do If You Aren't Familiar with a Given Platform
E. Control Objectives
F. The Audit Program
II Action Plan
A. Scoping, Planning, and Basic Data-Gathering
B. Evaluation of Each Platform's User Identification
C. Evaluation of Each Platform's Data Protection
D. Evaluation of Connection Security
E. Evaluation of the Protection for the Application's Data on All
Platforms
F. Wrap-up, Working Papers, Follow-up
III Forms and Reference
A. Basic Security Model
B. Forms to Document Platforms and Links Between Them
C. Audit Plan
D. Model Documents
E. Security Details for Various Platforms
UNIX Security Details
Windows NT and Windows/2000 Security Details
MVS with RACF Security Details
MVS with ACF2 Security Details
MVS with TopSecret Details
CICS Security Details
MQ Series Security Details
DB2 Security Details
TCP/IP Security Details
INDEX
Please note that these seminars are available for In-House Sessions.
You can save more money by learning about our seminar Discounts
Return to Top of Page Return to Home Page
Stu Henderson offers MVS security audits, consulting, seminars, articles, and other information sharing related to information security and auditing. His consulting includes: security reviews, risk assessments, RACF implementation assistance, and Information Technology audit technical counseling.
His most popular seminars provide: RACF training, mainframe audit training including MVS and z/OS audit training. His RACF seminars include: "Effective RACF Administration", "Advanced RACF Administration", and "UNIX (USS) for RACF Administrators".
His audit seminars include: "How to Audit MVS, RACF, ACF2, TopSecret, CICS, DB2, and MQ Series Security" and the follow-on "How to Audit z/OS with USS, TCP/IP, FTP, and the Internet"
Information on class location and schedules, as well as articles, links and other useful information sharing may be found on his website at www.stuhenderson.com