The Mainframe Technical Environment for Auditors


This course has been designed and built for Auditors who come into contact (at any level) with IBM mainframe systems in their daily work. The course encompasses an overview of the z/OS mainframe computing environment, before focusing on the security implications of the environment, as relevant to auditors. Each stage of the course builds upon the previous one, enabling attendees to consolidate what has been learned and see how it will apply to their daily work. RSM will customise the course to reflect the particular business and technical needs of clients and the current skill levels of the intended attendees.

This course is available for one-company, on-site presentations.

Objectives

On successful completion of this course you will be able to:

  • understand the audit issues relating to configuration
  • understand the audit issues relating to TSO
  • understand the audit issues relating to Batch
  • understand the audit issues relating to z/OS
  • understand the implications of using RACF utilities & exits
  • understand the DSMON output.

Who Should Attend

This course is suitable for Auditors whose work brings them into contact with IBM mainframe systems.

Prerequisites

Exposure to the technical computing environment at their organisation.

Duration

4 days

Fee (per attendee)

P.O.A.

Course Code

MTSE

Contents

Introduction to Mainframe Enterprise Computing

Introduction; What is a mainframe? What can it do? How does it do it? Some interesting history; Useful definitions; Types of computing; Enterprise computing hardware; Disk storage; Magnetic tape; Input/output peripherals; Data handling and software; Networks; Practical operations; General Audit issues for the above areas.

z/OS Software Components

Introduction; z/OS and how it works; The z/OS Operating System - MVS; Main components of MVS; MVS processing environments; z/OS Communications Server; JES; DFSMS; Transaction Server; Databases; z/OS audit issues.

The TSO Environment

Introduction to TSO; Interpretative languages; ISPF/PDF (Interactive System Productivity Facility/Program Development Facility); TSO audit issues.

Understanding the Batch Environment

Introduction; Understanding and writing the Job Control Language (JCL); System Display and Search Facility (SDSF); Exits that affect jobs and output; Job audit issues.

z/OS Security Overview

System Authorization Facility (SAF) security principals; z/OS controls & drivers; Security products; RACF overview; PARMLIB members requiring Audit;

z/OS RACF Components

RACF control options; SETROPTS; Resource permission; Searching the RACF database; RVARY; Password processing; Systems Special, Operations & Auditor; Auditor authorities.

RACF Utilities

RACF; The FACILITY class; RACF utilities; Using Data Security Monitor (DSMON); Detailed analysis of DSMON output; RACF tables; RACF exits; Administration and auditing tools.

UNIX Systems Services Overview

Hierarchical File Systems; Userids; UNIXPRIV class; Files & Directories; USS security basics; Access Lists (ACLs); Audit issues.

CICS & IMS Overview

What is CICS?; CICS transactions, tasks & programs; CICS Web Support; Accessing CICS; CICS resources; CICS-RACF interface; What is IMS?; IMS/DB; IMS/TM; Master Terminal; Resource definitions.

DB2 for z/OS Overview

What is DB2?; DB2 Address Spaces; DB2 structures; DB2 security overview.

CA-ACF/2 & CA-Top Secret - Security Overview

Overview of CA-ACF/2; CA-ACF/2 and RACF differences; Overview of TSS; CA-Top Secret & RACF differences.


© RSM Technology 2017