Meeting old friends and new, IBMers and customers at last week's GSE UK Enterprise Security Working Group (ESWG) has inspired me to start blogging again. Let's see how long this lasts ;)
The meeting was well attended, especially considering we were outside the M25 (London's outer ring road)! Our hosts, RSM Partners, looked after us very well and the day was well-paced, packed with informative sessions and full of lively debate. I was "dragged up" to continue the JOBROLE debate during the Hints and Tips session - more on that later - but the highlights were Mark Wilson's "z/OS Pen Testing Live" where we saw Mark "break in" to a z/OS machine before our very eyes (well, it was actually his own, so no crime was committed), and I was impressed by the presentation from Dave Constable of Barclays Bank's Global z/OS Security Engineering team on the IBM System z Security Portal and CVSS.
While we await the minutes and presentations to be uploaded to the website, why not check out said IBM Portal, and read about the "Common Vulnerability Scoring System" (CVSS) and how it can help you manage your z/OS maintenance schedule. Maybe this is what you need to justify to the budget holder that maintenance spend you know is necessary? Maybe CVSS will help us mainframers to discuss security matters with our distributed platform peers in the same language?
Now back to JOBROLE. A quick straw poll of the attendees revealed that a majority had already implemented Role Based Access Control (RBAC), were planning to, or had a desire to do so. Encouragingly, most could see the value in our proposal for either TEMPLATE user or the new JOBROLE construct. Read the background here, and have your say below. We will probably draft a proposal for GSE UK to present to IBM this year.