OS/400

ISACA > Knowledge Center > Professional-English > OS/400 > ViewDiscussion.aspx

Find Resources and Connect with members on topics that interest you.

Featured Topics
Browse Over 100 Topics
Search Topics
My Topics

Young Professionals

Risk Management

Big Data

Audit Tools and Techniques

Privacy/Data Protection

CyberSecurity

Suggest a New Topic

Sort by Category
Sort Alphabetically
COBIT 4.1 Controls Collaboration

Applications

Audit

Business Processes

Career Management

Cloud Computing/Virtualization

COBIT

Controls and Monitoring

Country

India

Databases

Fraud and Computer Crime

Governance and Management

Industry

Information Security

IT Service Management

Mobile/Wireless

Operating Systems

Privacy/Data Protection

Privacy/Data Protection

Regulations

Risk

Standards

Access Control

Application Controls

Application Security

Audit Guidelines

Audit Standards

Audit Tools and Techniques

Basel

Big Data

Business Analytics/Intelligence

Business Continuity-Disaster Recovery Planning

Business Process Management

Career Management

Casinos and Gambling

Change Management

Cloud Computing

COBIT (4.1 and earlier) - Use it Effectively

COBIT (4.1 and earlier) Implementation

COBIT 5 - Implementation

COBIT 5 - Use It Effectively

Compliance

Computer Crime

Continuous Monitoring/Auditing

Controls Monitoring

CyberSecurity

Enterprise Architecture

Enterprise Data Management

Financial Reporting Compliance

Forensics

Frameworks

Fraud

Governance of Enterprise IT

Green IT

Healthcare

HIPAA

HP Non-Stop (Tandem)

Identity Management

IFRS

Incident Management

India

Information Security Management

Information Security Policies/Procedures

Intrusion Prevention/Detection

ISAE 3402

ISO/IEC 20000

ISO/IEC 27000 Series

ISO/IEC 38500

ITIL

J-SOX

Mobile Computing

Network Security

Oracle

Oracle Database

Oracle E-Business Suite

OS/400

PCI DSS

PeopleSoft

Performance Measurement

Physical Security

Privacy/Data Protection

Project/Program/Portfolio Management (P3M)

Quality Standards

Risk Assessment

Risk Management

SAP

Sarbanes-Oxley (SOX)

Security Tools

Security Trends

Service Management

SharePoint

Solvency II

SQL Server

Strategic Planning/Alignment

Students

Unix-like

Value Delivery

Virtualization

Windows

Wireless

XBRL

Young Professionals

z/OS-OS/390

AI - Acquire and Implement

PO - Plan and Organize

DS - Deliver and Support

ME - Monitor and Evaluate

Application Controls

Process Controls

Search

Please sign in to see your topics.

Subscribe to this discussion

First AS/400 Audit

A theoretical organization is primarily Windows-based, and has built-in challenges in dealing with AS/400. The level of in-house technical expertise on AS/400 is lower than Windows. Touch-points between AS/400 and the Windows systems are SMB fileshares and SSH (SFTP) file transfers.

For an organization such as this, what are the best "first" steps that a proactive information security management team should take when assessing overall risk on the AS/400 platform?

The assumption is that there are some basic infosec hygeine steps such as ensuring changes affecting AS/400 are as documented as they would be if the change dealt with a Windows system. But the practicality is that if an organization is focued on Windows systems, they may be under-documenting things with AS/400.

Posted by Jason918 on October 12, 2010 07:07AM

You must sign in to rate content.

(Unrated)

Comments

RE: First AS/400 Audit

First we need to define first what do we mean by overall risk? did we identified the risk involved (in consideration with the nature of applications on AS/400, transactions involved etc)?

Lujer at 2/17/2011 12:09:10 AM

You must sign in to rate content.

(1 ratings)

RE: First AS/400 Audit

If business critical data reside on the system, no matter how it is accessed from outside the system, the first thing to verify are the system auditing settings. QAUDCTL should be set to *OBJAUD, *AUDLVL, and *NOQTEMP. If it is set to *NONE, then absolutely nothing is being audited/tracked. I would be happy to indulge at a more detailed level any time.

smartinson66 at 2/8/2012 10:55:21 AM

You must sign in to rate content.

(Unrated)

RE: First AS/400 Audit

If business critical data reside on the system, no matter how it is accessed from outside the system, the first thing to verify are the system auditing settings. QAUDCTL should be set to *OBJAUD, *AUDLVL, and *NOQTEMP. If it is set to *NONE, then absolutely nothing is being audited/tracked. I would be happy to indulge at a more detailed level any time.

smartinson66 at 2/8/2012 10:55:21 AM

You must sign in to rate content.

(Unrated)

RE: First AS/400 Audit

First we need to define first what do we mean by overall risk? did we identified the risk involved (in consideration with the nature of applications on AS/400, transactions involved etc)?

Lujer at 2/17/2011 12:09:10 AM

You must sign in to rate content.

(1 ratings)

RE: First AS/400 Audit

First we need to define first what do we mean by overall risk? did we identified the risk involved (in consideration with the nature of applications on AS/400, transactions involved etc)?

Lujer at 2/17/2011 12:09:10 AM

You must sign in to rate content.

(1 ratings)

RE: First AS/400 Audit

If business critical data reside on the system, no matter how it is accessed from outside the system, the first thing to verify are the system auditing settings. QAUDCTL should be set to *OBJAUD, *AUDLVL, and *NOQTEMP. If it is set to *NONE, then absolutely nothing is being audited/tracked. I would be happy to indulge at a more detailed level any time.

smartinson66 at 2/8/2012 10:55:21 AM

You must sign in to rate content.

(Unrated)

Leave a Comment

* required

You must login to leave a comment.

« Return to All Discussions « Return to Topic

© 2013 ISACA. All Rights Reserved