First AS/400 Audit
A theoretical organization is primarily Windows-based, and has built-in challenges in dealing with AS/400. The level of in-house technical expertise on AS/400 is lower than Windows. Touch-points between AS/400 and the Windows systems are SMB fileshares and SSH (SFTP) file transfers.
For an organization such as this, what are the best "first" steps that a proactive information security management team should take when assessing overall risk on the AS/400 platform?
The assumption is that there are some basic infosec hygeine steps such as ensuring changes affecting AS/400 are as documented as they would be if the change dealt with a Windows system. But the practicality is that if an organization is focued on Windows systems, they may be under-documenting things with AS/400.
You must sign in to rate content.
You must login to leave a comment.