z/OS Security Server RACF Security Administrator's Guide


Deciding what to protect

SA23-2289-00

Every installation has varying amounts of confidential data and varying degrees of confidentiality. For example, a development laboratory might be primarily concerned with the confidentiality of new products, whereas a bank or an insurance agency would be concerned with the confidentiality of its customers' records. Generally speaking, though, all data falls into one of the following categories:
  1. Very sensitive, confidential data, which requires protection from disclosure, modification, or destruction
  2. Non-confidential data, which is recoverable with little inconvenience if destroyed
  3. Data that falls between these two extremes, which should be protected from inadvertent or deliberate modification or destruction

Most data falls into the last category.

Obviously, the data in the first category must be protected. You should also consider how to protect the data that ought to be protected in a simple yet effective manner that is transparent to the users of that data. The implementation team performs a risk evaluation of the installation's data to determine which data needs what level of protection.

The task of protecting large quantities of data can take on significant proportions unless you can acquire this protection automatically. In the case of RACF®, protecting data is quite simple and, after the controls are in place, practically free from administrative overhead.





Copyright IBM Corporation 1990, 2014