Keep on Learning
If you're at the Impact conference, your week is likely very busy! If not.... you may want to consider taking part in these events:
Wednesday May 6, 2009 conference call, 11:30 AM Eastern
DB2 9.7 Overview - Chat with the Lab
Early bird registration for Central Canada DB2 User group Symposium June 8th - 9th 2009
Register before Friday May 8th to be eligible for a free IPOD draw.
The meeting takes place in Toronto, and presenters include “Mr. DB2” Roger Miller along with Susan Lawson, Craig Mullins, Melanie Stopfer and many others, who are sure to cover the latest and greatest features of DB2.
Musings on DB2 Security for the DB2 LUW DBA
Thursday, May 7, 2009 9:30 AM - 10:30 AM CDT
What do you know about Column Masking? And why should you use it?
DB2 10 Column masking is a significant security tool that can be used to enable greater protections for sensitive data.
IBM Champion Rebecca Bond has a session at IDUG this year called
It takes place in the Grand Sierra H&I on Tuesday, Apr 30, 2013 from 2:00 PM till 3:00 PM.
This session begins with a general overview and gradually moves to a more detailed discussion. Covered are: Use Cases, Examples and Implementation Instructions. The session summary answers the question, “Why use column masking?”
Objective 1: Introduce the new column masking functionality of DB2 10 LUW.
Objective 2: Answer the Question, "Why Use Column Masking?"
Objective 3: Provide examples of appropriate uses for column masks.
Objective 4: Provide implementation steps and instructions for building column masks
Objective 5: Discuss ‘profiting’ from column masking (benefitting the organizational bottom line)
Also by Rebecca:
The book may not be at the current level, but it contains very detailed instructions on how to create a sound security plan for your data. Maybe Rebecca should update the book??
Today is Earth Day, so you can get a discount if you buy this book in eformat... along with one other IBM Press book. For details see Earth Day Sale.
17 Database Journal Articles by Rebecca
Video filmed at IOD 2012 starring Rebecca
If you’re attending IDUG, be sure to meet Rebecca in person... I guarantee that you’ll like her! And attend her session, DB2 10 LUW -- Securely Hiding Behind the Mask. She’s a great speaker and you’ll be sure to walk away just a bit smarter!
Rebecca Bond, an IBM Information Champion, industry recognized independent consultant and author of the only published book specific to DB2 LUW security, "Understanding DB2 9 Security", enjoys sharing technical lessons learned from her experiences in government, healthcare and financial consulting roles. Rebecca holds numerous advanced IBM certifications covering all aspects of DB2 and is an expert at balancing the twin needs of robust security and accelerated performance. Her unique background provides a wealth of pertinent database and security puzzlers, which she delights in helping us understand and solve via articles, blog posts and presentations. Her website is www.securedb2.com.
For IDUG, see also:
The next DB2 Tech Talk takes place on Wednesday, December 12 at 12:30 pm EDT.
The topic: Row and Column Access Control in DB2 10 and InfoSphere Warehouse 10
Guest speaker: Walid Rjaibi, Data Security Architect
Host: Serge Rielau
Many organizations are struggling to comply with regulations and industry standards affecting their businesses, such as HIPAA and PCI DSS, as they also face the need to control costs. With the new row-permission and column-mask features, IBM DB2 10 takes security and ease of use to the next level. This presentation will teach how you can use row permissions and column masks to meet your compliance needs, and will show you tips and proven methods to implement data security while helping to control costs.
Walid has been quite busy this year. Take a look at the number of articles / books that he has authored or co-authored:
Congratulations to Jeffrey Laskowski on the release of his new book “Agile IT Security Implementation Methodology”, published this week by Packt Publishing.
Security is one of the most difficult areas in today’s IT industry. The reason is that the speed at which security methods are developing is considerably slower than the methods of hacking. One of the ways to tackle this is to implement Agile IT Security. Agile IT security methodology is based on proven software development practices. It takes the best works from Agile Software Development (Scrum, OpenUp, Lean) and applies them to security implementations.
This book combines the Agile software development practices with IT security. It teaches you how to deal with the ever-increasing threat to IT security and helps you build robust security with lesser costs than most other methods of security. It is designed to teach the fundamental methodologies of an agile approach to IT security. Its intent is to compare traditional IT security implementation approaches to new agile methodologies. Written by a senior IT specialist at IBM, you can rest assured of the usability of these methods directly in your organization.
This book will teach IT Security professionals the concepts and principles that IT development has been using for years to help minimize risk and work more efficiently. The book will take you through various scenarios and aspects of security issues and teach you how to implement security and overcome hurdles during your implementation.
It begins by identifying risks in IT security and showing how Agile principles can be used to tackle them. It then moves to developing security policies and identifying your organization's assets. The last section teaches you how you can overcome real-world issues in implementing Agile security in your organization including dealing with your colleagues.
What you will learn from this book:
The book is a tutorial that goes from basic to professional level for Agile IT security. It begins by assuming little knowledge of agile security. Readers should hold a good knowledge of security methods and agile development.
Who this book is written for
The book is targeted at IT security managers, directors, and architects. It is useful for anyone responsible for the deployment of IT security countermeasures. Security people with a strong knowledge of agile software development will find this book to be a good review of agile concepts.
All this… and did you see the price!
Book and eBook available now
Print only price: $17.99 save 10%
eBook only price: $10.19 save 15%
Print + eBook + PacktLib: $19.79 save 38%
Jeff Laskowski is a senior IT Specialist with IBM's Software group, the author of Agile IT Security Implementation Methodologies, and a freelance author for IBM Developer Works. His expertise in the area of software delivery and security spans more than a decade. During this tenure, Jeff was a principal consultant for application quality at Compuware. As such, Jeff enabled businesses around the globe to proactively integrate effective security practices into their organizations. Jeff joined the IBM team in 2006 and is now a Lead Engineer for the Great Lakes software business unit for Security.
Last week’s blog entry Budgeting for IDUG North America conference as viewed by the DB2 Locksmith by guest Rebecca Bond was very popular, so I’ve asked Rebecca back for a second entry. Actually Rebecca did one for me like this last year as well. I figure that DBAs would benefit more if they hear from a DBA saying what sessions she plans to attend rather than me telling you what sessions are available for you to attend. Rebecca is on the LUW platform, so I’ll try to find a willing guest blogger to do something similar for the z/OS platform so that I’m able to satisfy as many people as possible.
I heart IDUG NA. It’s like a geeky vacation where I learn much, smile and laugh a lot with old and new friends and go home armed with a suitcase full of technical material. This year is especially exciting since I’m going to be presenting two sessions and will be one of the featured speakers for the Dine Around!
As I do almost every year, I plan to take advantage of the free certification testing. I place great value in DB2 certifications and can certainly see evidence on job boards that employers prefer certified employees. The fact that I can take these exams for free helps make the conference registration cost a bargain.
Monday, May 2 offers Full Day Seminars presented by DB2 Rockstars. True, these are not free, but given that they are being delivered by experts, these seminars offer great benefit for the price. If you are also registered for the full conference, you can add on one of these seminars for $425. See this link for a list of Rockstars and Full Day Seminars. I have some personal plans for Monday, so I will not be able to attend a full day seminar this year.
Typically, I approach planning my conference agenda from the standpoint of “what information will best help with my current job?” This year, however, I’m looking at it from “what sessions are going to be most valuable to increase my DB2 knowledge as I look for my next job?” This time, I’m looking for sessions that will help round out my resume.
The keywords for me for this IDUG are:
pureScale, Performance Tuning, XML, Cloud, and, of course, Security.
The good news is that there are plenty of opportunities to attend sessions on these topics. The bad news is that there are plenty of opportunities to attend sessions on these topics. Until I can get a personal DB2 Locksmith clone (no, not a database clone), I am going to have to make some difficult decisions about which sessions to attend in person. All is not lost, however, since I will definitely download the handouts from all the sessions for later review. I believe that recordings of most of the sessions will be available to attendees after the conference wraps up. So, I won’t really miss anything, I’ll just postpone taking advantage of some of the information.
I have to say though, this year is especially tough because I’ve heard most of these speakers before and I know how good they are. There are SEVERAL Best Speaker award winners in the group. I think Scott Hayes said it best, “DB2’s Got Talent”! That is an equally fitting designation for this year’s IDUG speaker list. (By the way, the winner of the first ever DB2’s Got Talent competition will be at IDUG!)
I’m not going to list my full agenda, because I like to keep a few secrets, or at least that’s my cover story. The truth is I simply cannot decide, but here are some sessions that are high on my personal list of “musts” this year.
Tuesday, May 3:
General Session: Jeff Jonas, Chief Scientist, IBM Entity Analytics and IBM Distinguished Engineer
S02: Choose DB2 LUW and Save Your Company Money, 10:15, Tim Vincent
F01: DB2 and Cloud Computing: Why Should I Care? 12:45, Leon Katsnelson
G02: DB2 LUW Security -- What If Your Firewall Catches Fire, 2:00, Rebecca Bond (DB2 Locksmith)
D03: Best Practices in Action -- The IBM Smart Analytics System, 3:15, Eddie Daghelian
C04: Understanding and Tuning Page Cleaning in DB2, 4:30, Matthias Nicola
Wednesday, May 4:
D06: The Latest from the Lab on DB2 pureScale - Part 1, 9:45, Matt Huras
D07: The Latest from the Lab on DB2 pureScale - Part 2, 11:00, Matt Huras
E08: Real-World XML Application Development Patterns for DB2, 2:45, Fred Sobotka
Thursday, May 5:
C10: Improve Performance by Analyzing DB2 LUW Access Strategies, 9:45, Melanie Stopfer
D11: Workload Optimized Systems - Don't Run a Marathon in High Heels, 1:30, Chris Eaton
Friday, May 6:
G14: Security Secrets for DB2 LUW DBAs, 9:15, Rebecca Bond (DB2 Locksmith)
G15: Monitoring and Troubleshooting Distributed Access to DB2 for z/OS, 10:30, Cristian Molaro
Of course, I also have to find time to meet friends, have interesting technical discussions in the hall, visit the expo, perform the “exchange of business cards ritual” and find some time to get in a run or two. It is certainly going to be a busy week, but it will also be a highly educational and entertaining one. When you see me, I hope you will say “Hi” and let me know how you approached choosing your agenda.
Thanks Rebecca! I must say I’m feeling quite sad that I won’t be there! I’ll send all my friends to your Dine Around Night.
I asked my wonderful friend Rebecca Bond to give me her
I had to make some REALLY difficult decisions. There are some EXCELLENT speakers and sessions this year.
These are the ones I finally decided to attend. I seriously hope that the ones I am going to miss will be presented at IOD so I can try to attend them then. IDUG has outdone themselves with this line up.
I may look at taking one of the classes on Monday. Just depends on how my writing projects are going and if they have any available spaces left when I make the determination.
I can't decide on which restaurant to sign up for on the Dine Around evening. Several good choices and I want to have dinner with everyone so I think I'll just have to put a blindfold on and throw darts at the sign up board....you might want to warn your readers to steer clear of the sign up board if they see a crazy lady in great shoes start to put on her blindfold.
May 11, 2010
8:00 K01: DB2 INNOVATION: POWERING INFORMATION WORKLOADS FOR SMARTER IT
10:00 S02: DB2 FOR LINUX, UNIX AND WINDOWS - TRENDS AND DIRECTIONS
12:30 D01: CAPITALIZING On DB2 LUW V9.7 Capabilities - A Data Management Feature Presentation
1:45 D02: Varsity SQL for the Busy DBA
3:00 C03: Enabling Oracle Applications on DB2 - an Early User Experience
4:15 D04: A VISUAL TOUR OF DB2 9.7 SQL AND PL SQL ENHANCEMENTS
May 12, 2010
8:30 C05: An Indepth Technical Look at DB2 pureScale
9:45 D06: DB2 SECURITY – AMMO FROM THE TRENCHES -- Presenting
11:00 D07: UPGRADING DB2 9.7 – BEST PRACTICES AND LESSONS LEARNED
1:30 V05: You Killed the ELEPHANTS but MOSQUITOES are Killing YOU!
2:45 D08: STUFFED WITH GREAT ENHANCEMENTS - DB2 9.7 FIX PACK 1 NEW FEATURES
4:00 I01: Data Privacy, Security and Audit Compliance -- Panel Participant
May 13, 2010
8:30 C09: pureScale - Why It's So Much Better than Oracle RAC
9:45 D10: LOCKING - WHAT LOCKING? CURRENTLY COMMITTED AND OTHER LOCK AVOIDANCE ENHANCEMENTS TO INCREASE PERFORMANCE AND THROUGHPUT
11:00 V10: END-TO-END MONITORING & PROBLEM DETERMINATION WITH OPTIM PERFORMANCE SOLUTION
1:30 D11: ENABLING FROM ORACLE TO DB2 COBRA THE EASY WAY.
2:45 F12: DB2 Back and Recovery - What Do I Really Need to Know?
4:00 I05: DB2 FOR LUW - HIGH AVAILABILITY & DISASTER RECOVERY
May 14, 2010
8:30 E13: All the FREE Things you can Do with Data Studio
9:45 E14: Diagnosing & Curing? Lock, Wait and Performance Bottlenecks
11:00 B15: Auditing options on DB2 for z/OS (Moderator)
Thanks Rebecca! I wish I was going so I could attend all these amazing sessions with you!
If you missed my posts in the past week, here's the rest of the IDUG coverage that you can find:
A list of all the IBMers who are presenting sessions.
A list of all the
The educational seminars
Don't forget about the
Check out the bookstore that will be onsite where you can purchase the book that Rebecca wrote:
I've already given you many reasons why I'm a huge fan of Rebecca Bond's, but did I tell you about her brilliance at coming up with cool analogies or her incredible sense of humour?
Rebecca's latest article, IBM DB2 9.7, DBADM and my Rubik's Cube, published in the Feb 19, 2010 edition of Database Journal, explains the changes to DBADM authority in DB2 9.7 and, twist by twist, helps you understand the changes and how to benefit from them. Wonderful article, Rebecca!
If this article is leaving you wanting more Rebecca, you're in luck! Her website has just gone live, so you can easily find out more about Rebecca and what she's up to... but best of all, you can read her blog entries.
Webinar: Musings on DB2 Security for the DB2 LUW DBA
In this timely Webinar, my good friend Rebecca Bond, independent security consultant and author of Understanding DB2 9 Security, will share important DB2 Security Tips and Best Practices with participants. People who know Rebecca personally also know that she is a part-time comic and capable of turning the dullest, most boring topics, into something truly entertaining, informative, and memorable.
Here is a sampling of topics Rebecca might cover if she doesn't have a headache:
SPEAKER BIOGRAPHY: "Rebecca Bond is an independent DB2 LUW Security Consultant. With a background in government, healthcare and financial DB2 consulting, she is adept at designing efficient, secure database architectures that balance the twin needs of performance and protection. Rebecca is the author of Understanding DB2 9 Security, published by IBM Press, and has written articles on security topics for the IDUG Solutions Journal. She holds numerous DB2 certifications and has been designated by IBM as a Subject Matter Expert."
ORDER THE BOOK: Understanding DB2 9 Security
One lucky Webinar Attendee will be randomly selected to win a $50 Amazon.com gift certificate - enough cash to buy the security book plus other fun things!
US and European Phone numbers will be provided, as well as VoIP.
We look forward to seeing you online!
Title: Musings on DB2 Security for the DB2 LUW DBA
Date: Thursday, May 7, 2009
Time: 9:30 AM - 10:30 AM CDT
After registering you will receive a confirmation email containing information about joining the Webinar.
Here is another IBM commercial. This one is called "The Grail" and is about security. Have you seen this IBM Press book that was published earlier this year? It's about security as well....
Mainframe Basics for Security Professionals: Getting Started with RACF
Leverage Your Security Expertise in IBM® System z™ Mainframe Environments
For over 40 years, the IBM mainframe has been the backbone of the world’s largest enterprises. If you’re coming to the IBM System z mainframe platform from UNIX®, Linux®, or Windows®, you need practical guidance on leveraging its unique security capabilities. Now, IBM experts have written the first authoritative book on mainframe security specifically designed to build on your experience in other environments.
Even if you’ve never logged onto a mainframe before, this book will teach you how to run today’s z/OS® operating system command line and ISPF toolset and use them to efficiently perform every significant security administration task. Don’t have a mainframe available for practice? The book contains step-by-step videos walking you through dozens of key techniques. Simply log in and register your book at www.ibmpressbooks.com/register to gain access to these videos.
The authors illuminate the mainframe’s security model and call special attention to z/OS security techniques that differ from UNIX, Linux, and Windows. They thoroughly introduce IBM’s powerful Resource Access Control Facility (RACF) security subsystem and demonstrate how mainframe security integrates into your enterprise-wide IT security infrastructure. If you’re an experienced system administrator or security professional, there’s no faster way to extend your expertise into “big iron” environments.
* Mainframe basics: logging on, allocating and editing data sets, running JCL jobs, using UNIX System Services, and accessing documentation
* Creating, modifying, and deleting users and groups
* Protecting data sets, UNIX file system files, databases, transactions, and other resources
* Manipulating profiles and managing permissions
* Configuring the mainframe to log security events, filter them appropriately, and create usable reports
* Using auditing tools to capture static configuration data and dynamic events, identify weaknesses, and remedy them
* Creating limited-authority administrators: how, when, and why
About the Authors:
Ori Pomerantz has been securing computer networks--and teaching other people to do so--since 1995. Since joining IBM in 2003, he has written classes on several Tivoli® security products, including IBM Tivoli zSecure.
Barbara Vander Weele, a software engineer at IBM, has developed and presented education material on provisioning, security, storage, and business technologies for IBM Worldwide Education.
Mark Nelson, Senior Software Engineer at IBM, is a twenty-year veteran of the RACF design team and a frequent speaker on RACF and z/OS security-related topics.
Tim Hahn, IBM Distinguished Engineer, has been with IBM for seventeen years. He is Chief Architect for Secure Systems and Networks within the IBM Software Group Tivoli organization.
Security doesn't exist in a vacuum; it’s a part of the business process and it permeates all aspects of information technology. The bad news is that as applications run on a combination of multiple platforms, each of the platforms needs to be examined, understood, and protected. The good news is that good security techniques transcend platforms; the key is understanding how to take the knowledge that you already know and apply it across these platforms.
That's the reason for this book. Experienced UNIX or Windows security professionals can extend their existing security knowledge to the world of z/OS!
It seems to me that every newsletter I get these days has at least one article about security / data protection. Here are a few of the headlines that I've noticed:
* Don't Tolerate Liberal Data Permissions
* What Is All This Integrity Business?
* How to get employees passionate about disaster recovery
* Backups: Understanding How Performance Matters
* Top 10 Security Trends for 2008
* Learn Best Practices for Database Auditing
Yesterday I was sent this information regarding data security problems that I'd like to share with you:
* Is your DB2 audit reporting strategy lacking institutional controls, or perhaps even nonexistent?
* Are you using "live" production data for unit testing, with no masking of sensitive data values?
* Are you wasting resources storing large amounts of unreferenced and inactive data on your operational databases?
* Is sensitive data potentially being exposed to theft while at rest or in transit between you and your business partners?
The DB2 and IMS solution can help minimize the liability risk associated with Data Governance.
Data Server Security Blueprint
This blueprint provides a threat-focused security framework for users of IBM Data Servers (whether DB2 for LUW, DB2 for z/OS or IDS) and our related data governance Tools that help them understand how our products work together to solve their data security problems. It is comprehensive enough to cover all the major threats, yet simple enough for a new DBA to pick up and use immediately. From this site, download the white paper and the blueprint.
On April 1, there was a Chat with the Lab regarding this blueprint. From this site you can download the charts and at some point in the near future, you'll be able to listen to a replay of the chat.
And last but not least, we have several books that are current and cover these topics to some degree. In particular Understanding DB2 9 Security by Rebecca Bond, Kevin Yeung-Kuen See, Carmen Ka Man Wong, Yuk-Kuen Henry Chan.
Understanding DB2 9 Security is the only comprehensive guide to securing DB2 and leveraging the powerful new security features of DB2 9. Direct from a DB2 Security deployment expert and the IBM® DB2 development team, this book gives DBAs and their managers a wealth of security information that is available nowhere else. It presents real-world implementation scenarios, step-by-step examples, and expert guidance on both the technical and human sides of DB2 security.
DBA Central on developerWorks has a list of the most recent articles, and you'll find several related to the security topic that may be useful to you as well.