In this course, the attendee will learn why and how to secure software assets and data in the Mainframe environment. The course helps improve development and maintenance practices to strengthen legacy mainframe systems with best practices and examples.
During the two days, attendees will learn how to analyze the current use of Mainframe systems and the vulnerabilities and exploits performed on mainframe applications, as well as how to defend against and/or mitigate attacks and exploits.
The primary focus of the Payment Card Industry Data Security Standard (PCI DSS) is the protection of cardholder data. PCI DSS provides required controls for cardholder data that is stored, processed or transmitted on any platform. Unfortunately, many mainframes are currently not being assessed properly for PCI DSS compliance.
Mainframes have three external security management systems (ESMs) used for data and access protection: IBM's RACF, CA-TopSecret and CA-ACF2. Mainframe assessors not trained on or with limited exposure to these platforms will run a RACF DSMON, TopSecret TSSAAUDIT report or ACF SHOW ALL command that provides global security options at the OS level, but doing so still fails to give detailed protection of cardholder data.
Why is such scrutiny of mainframe security controls important? The majority of payments today touch or are processed on mainframes, regardless of whether the merchant or service provider is aware of it.
Since the 1980s, ESMs for mainframes have become feature-rich, robust and expansive. Consequently, many QSAs are less concerned with PCI cardholder data on the mainframe. Believing that the mainframe is so secure because of ESMs, they would rather focus on the ubiquitous server environment. The server environment certainly requires attention. However, ESM security features are installation-selectable. This means installations can choose to activate them -- or not. Security professionals and IT auditors who perform mainframe ESM assessments invariably find these features turned off for performance, cost and inconvenience reasons. This not only affects PCI compliance, but can also put cardholder data on those systems at risk.
Ignorance is not a control. Not having sufficient understanding of mainframe security constructs is not a valid reason to ignore them or justify minimizing the risk of cardholder data on insecure mainframes. Assuming few individuals know how to exploit mainframe vulnerabilities is unwise and portends negative results. Most QSAs and penetration testers don't have a background in mainframes and thus don't know how to exploit even the simplest vulnerability. However, remember attackers only need to be right once.
The protection of cardholder data that PCI DSS proposes should not be conditionally excluded because the cardholder data environment is not fully understood. This also includes issuing and acquiring financial institutions whose payment processing is predominantly on mainframes -- but that is yet another neglected topic.
Hundreds of delegates from all over the world have attended LiquidNexxus training sessions. Here are some testimonials related to this course/event.
Over the course of two full days the course covers the following topics...
Introduction and Context Mainframes & Distributed Environments
Security Regulations and Standards impact on software applications
Applying PCI DSS to Mainframe Environments
The following speakers have confirmed their participation in this conference.
G is currently Product Manager and lead developer for a specialised Mainframe security and analysis company. He focuses on adapting solutions to customer environments and requirements. He specializes in the Mainframe environment (COBOL, JCL, Sequential files, etc.) and in PCI-DSS and PA-DSS solutions for securing the impacted applications and business processes. He previously headed up the R&D Team for the development of new, more effective and cost-effective solutions for the products used to support customers in the fields of system governance, compliance with regulations (specialized in PCI-DSS) and code review. He has experience in a level 6 complexity (top) PCI-DSS certification project. The solutions he has implemented are aimed not only at finding sensitive data inside business processes but also at identifying and studying exactly how the data moves inside the application, giving the customer a precise map of how and where the applications need to be modified in order to secure them against the ever-growing threat of cyberattacks. His previous roles included internal systems maintenance, support, testing and implementing software security solutions.
Milan is an Alpha leading global city, with strengths in the arts, commerce, design, education, entertainment, fashion, finance, healthcare, media, services, research, and tourism. Its business district hosts Italy's Stock Exchange and the headquarters of the largest national and international banks and companies. The city is a major world fashion and design capital, well known for several international events and fairs, including Milan Fashion Week and the Milan Furniture Fair. The city hosts numerous cultural institutions, academies and universities, with 11% of the national total of enrolled students.
Please contact us for the specific venue
LiquidNexxus regularly hosts open training sessions globally. Below is a list of currently scheduled courses related to this course. If your region is not listed or you would like to discuss in-house training or partnership, please contact us.