A service to identify security vulnerabilities on your IBM i and i5/OS systems. Based on the expertise and experience from an industry-recognized 3rd party expert, SkyView Security Check-up satisfies vulnerability scanning requirements found in most laws, standards and regulations.
The Payment Card Industry, Sarbanes Oxley, HIPAA, GLBA and many new laws and regulations governing data privacy and security require regular testing of your computing environment to identify vulnerabilities. Our security check-up is an unbiased and thorough appraisal of an organization’s IBM i or i5/OS security configuration based on a true expert’s point of view*. The end result is a set of deliverables that includes:
– A comparison of appropriate results to security best practices, including a micro-level analysis of:
- System values
- User profiles
- Object authorities
- Application security models
- TCP/IP configuration
- Managed Security Services
- And many other considerations. (over 100 risk areas are reviewed)
– A written summary entitled: “Detailed Observations and Recommendations” featuring a prioritized list of top security issues, including an explanation of why the issues have security implications
How it works:
Step 1: SkyView Risk Assessor data gathering product is installed on each system to be analyzed, utilizing the subscriber license that comes with SkyView Security Check-up.
Step 2: SkyView Risk Assessor is scheduled to run and automatically gathers the critical security data for analysis.
Step 3: Organization’s system administration group gathers and emails information to SkyView security team for analysis.
Step 4: SkyView’s Security Experts* analyze the data produced.
Step 5: One of our security experts reviews all documentation produced for thoroughness and accuracy.
Step 6: A Conference call is scheduled, with a SkyView Security Expert*, to present and review results.
*SkyView Security Experts are trained and managed by Carol Woodbury. Carol is the former IBM iSeries Security Architect and Chief Engineering Manager, author of “IBM i & i5/OS Security & Compliance: A Practical Guide”, award winning speaker on the topic of security, Certified in Risk and Information Systems Control (CRISC) and the Co-founder and President of SkyView Partners Inc. Our staff understand IBM i security practices from Carol Woodbury’s point of view, and represent some of the best security resources in our market.
We offer two (2) service offerings:
- Managed Security Services – Let our Security Experts monitor your IBM i environment and report to you when a security indicator is out of compliance. Includes an Annual Security Check-Up
- Security Check-Up – A subscriber-based risk assessment service for identifying security vulnerabilities of your IBM i, includes a report summarizing the vulnerabilities and what should be done to correct them.
Why Managed Security Services
On the list of things to do for your IT staff is “security”. Rarely does that item get checked off the list because they simply don’t have the time. Rightfully, they are focused on high-value IT activities that impact the bottom-line. However that isn’t an excuse for letting security go unaddressed. SkyView’s Managed Security Service is the answer. With this monthly service, SkyView experts monitor key security indicators and provided a summary, highlighting any issues. With the monthly reports, IT is equipped with the right information to choose to address issues, elevate them to management, or defer them as appropriate. With SkyView Managed Security Services as a member of your team, you get unparalleled expertise paying attention to your servers’ security.
This service removes the burden from your staff and ensures that security is getting the regular attention that management and auditors expect.
What is Managed Security Services for IBM i
SkyView Partners Managed Security Services for Compliance Reporting is a monthly service where critical compliance issues are monitored and you are notified if something falls out of compliance. Regular compliance checks are scheduled with the resulting reports e-mailed to your support staff for their review. If non-compliant issues are discovered, you will be notified.
Once a year, we will do a thorough vulnerability assessment (Security Check-Up) of the IBM i servers. We also include permanent licenses of our software (Risk Assessor, Policy Minder for IBM i and Audit Journal Reporter) as part of the package.
We will monitor 5 compliance indicators with Policy Minder and 5 key issues generated by the Audit Journal Reporter. The following represent a non-exhaustive list of possible monitoring topics:
- One (1) Security Check-Up for IBM i and i5/OS per partition per year
- Monthly monitoring of ten (10) essential security administration topics
- SkyView will produce and e-mail the monthly report to the customer:
- This monthly report will alert the client if any of the ten (10) key indicators monitored falls out of compliance so that they can decide whether to accept the deviation as a new policy baseline or correct accordingly
- SkyView is not responsible for taking Corrective actions.
Types of Security Administration Topics to Monitor
The following represents a non-exhaustive list of possible monitoring topics¹: