Mainframes are big, complex systems. Housing and managing the data stored and processed on these systems involves many access points and many risks. Because of these risks, it is important to periodically assess the security measures your company has in place to make sure they are sufficient for protecting the data and the integrity of your system. Here are some good questions to ask yourself while self-auditing the security of your mainframe system.
How can I make sure my system is up-to-date with the latest software patches, bug fixes, and security updates?
As software is updated, new features and performance improvements are usually released, often with accompanying bug fixes that improve security. The opposite is also true: some software updates could introduce new vulnerabilities. It is typically best to stay on the latest version of software available, but it is also important to verify that changes do not introduce new vulnerabilities. Automatic updates are useful and can save a lot of time, but ultimately, having a process in place for updating to new versions manually will make it easier to understand the pros and cons of new versions.
What systems do I have in place to prevent unauthorized personnel from manipulating or stealing data?
Take inventory of the various systems in place to protect data on your mainframe. How secure is the data at rest, in process, and in transit? Strong cryptographic encryption software makes it easier to know your data is secure wherever it resides on the system.
How are duties separated among my mainframe security staff?
Dividing up responsibility for access to the system across multiple employees or departments can greatly reduce the risk of individuals compromising the system. Dividing these responsibilities also ensures that domain knowledge of the security system is not concentrated in any one individual.
How accurately can I follow the audit trail of various pieces of data?
An audit trail is a must-have for any security system. You must be able to trace back an exploit or a data breach to its source. Following a piece of data through the system will give insight into the different points at which it can be manipulated, providing you with the information you need to ensure its security.
Have you tested the effectiveness of security controls with sample entries?
Utilizing test data and sample transactions is a great way to audit the way data flows through your system. It provides a safe way to test the security of the interaction of all the various systems on your mainframe.
Are there systems running on my mainframe that could be used to access or compromise the security of other systems?
A user on your mainframe may have permissions to operate one application, but if that application has access to more of the system, it could then be used to access data from a restricted or sensitive part. Any programs with exploitable back doors should be walled off from the rest of the system.
Does the process of recovering passwords prevent unauthorized individuals from gaining access?
An automated system for password management protects the system from social engineering or other manipulative ways of hacking a system.
How effectively does my business keep track of user profiles to know who has access to what data?
The wide variety of users for any mainframe system means there will be many different user profiles and levels of access. Making sure there is an effective way to manage these profiles and users in RACF is a critical component of your mainframe’s security.
There should be comprehensive testing for all the security measures in place to protect the data on your system. Without proper testing measures in place, it will be impossible to know if your security protocols will successfully protect your system.
The above questions are just some general ideas to get you thinking about the numerous security concerns you have to consider for your system. What else should be considered in a security audit? Let us know in the comments.