IBM Mainframe Security : Beyond the Basics—A Practical Guide from a z/OS and RACF Perspective.
Title:
IBM Mainframe Security : Beyond the Basics—A Practical Guide from a z/OS and RACF Perspective.
Author:
Dattani, Dinesh D.
ISBN:
9781583478318
Physical Description:
1 online resource (225 pages)
Contents:
Front Cover -- Title Page -- Copyright -- Dedication -- Acknowledgments -- About The Author -- Contents -- Introduction -- Part One: Securing Business Data -- Chapter 1: How the Mainframe Provides Security -- How RACF Does Access Checking -- The RACF Access Checking Diagram -- Chapter 2: RACF Special Privileges -- Logging Special Privilege Activities -- Mitigating the Risk of Special Privileges -- Alternatives to the OPERATIONS Privilege -- Summary -- Chapter 3: The Data Security Monitor (DSMON) -- How to Produce DSMON Reports -- Understanding DSMON Reports -- Summary -- Chapter 4: Security Event Logging and Auditing -- Auditing User Activity -- Auditing Resources at the Profile Level -- Using the GLOBALAUDIT Operand -- Auditing Resources at the Class Level -- Auditing Users with Special Privileges -- Auditing Profile Changes -- Auditing Failures to RACF Commands -- RACF Automatic Loggings -- The Importance of Security Log Retention -- Summary -- Chapter 5: The Global Access Checking (GAC) Table -- The Benefits of GAC -- The Security Concerns of GAC -- Implementing GAC -- Mitigating the Security Risks of GAC -- The Benefits of GAC Mirror Profiles -- Good Candidates for GAC Processing -- Summary -- Chapter 6: Understanding the FACILITY Class -- Storage Administration Profiles -- z/OS UNIX Profiles -- RACF Profiles -- Other Profiles -- Security Administration of FACILITY Class Profiles -- The FACILITY Class's Documentation -- Third-Party Vendor Products -- In-House Developed Products -- FACILITY Class Profiles: A Word of Caution -- Chapter 7: The Benefits of the SEARCH Command -- Creating RACF Commands -- Cleaning Up the RACF Database -- Listing Profiles, User IDs, and Groups -- Revoking User IDs -- Finding Duplicate UIDs and GIDs -- Searching a User's Access to Profiles -- Finding Discrete Profiles -- Summary.

Chapter 8: WARNING Mode and Its Implications -- The Proper Use of WARNING Mode -- The Incorrect Use of WARNING Mode -- Finding All Profiles in WARNING Mode -- Make Sure WARNING Mode Is Justified -- Remove WARNING Mode Where Inappropriate -- Summary -- Chapter 9: Understanding z/OS UNIX Security -- How z/OS UNIX Security Works -- Planning For z/OS UNIX Security -- Unique UIDs and GIDs Recommended -- The SUPERUSER Privilege -- Auditing z/OS UNIX -- Implementing z/OS UNIX Controls -- FACILITY Class Considerations -- UNIXPRIV Class Considerations -- Other z/OS UNIX Considerations -- Chapter 10: The Benefits of RACF Commands in Batch Mode -- Capturing the Results of RACF Commands -- Automating a Process -- Performing an Action Repeatedly -- Entering Groups of RACF Commands -- When Batch Mode Is the Only Method -- Summary -- Chapter 11: Security Administration: Beyond the Basics -- Doing It Right the First Time -- Being Inquisitive -- Understanding RACF User Profile Segments -- What Is a RACF Discrete Profile? -- What Are Undefined RACF User IDs? -- Universal Access (UACC) Considerations -- The Restricted Attribute -- Disaster Recovery Considerations -- What Are RACF "Grouping Classes"? -- What Is RACF "Undercutting"? -- What Is A RACF "Back-Stop" Profile? -- Why User IDs Must Not Be Shared -- Granting Temporary Access to Resources -- Creating "Fully-Qualified" Generic Profiles -- Specifying Strong Passwords -- RACF Global Options -- Summary -- Part Two: Securing the z/OS Operating System -- Chapter 12: APF-Authorized Libraries -- What Is the Risk? -- Finding APF-Authorized Libraries -- How Do You Mitigate This Risk? -- Summary -- Chapter 13: The System Management Facility (SMF) -- What Is the Risk? -- How Do You Mitigate This Risk? -- Summary -- Chapter 14: Operating System Data Sets -- System Parameter Libraries -- System Catalogs.

Assorted Operating System Data Sets -- Summary -- Chapter 15: RACF Databases -- What Is The Risk? -- How Do You Mitigate This Risk? -- Summary -- Chapter 16: RACF Exits -- What Is the Risk? -- How Do You Mitigate This Risk? -- Summary -- Chapter 17: System Exits -- What Is the Risk? -- How Do You Mitigate This Risk? -- Summary -- Chapter 18: Started Procedures -- What Is the Risk? -- How Do You Mitigate This Risk? -- Summary -- Chapter 19: Tape Bypass Label Processing (BLP) -- What Is the Risk? -- How Do You Mitigate This Risk? -- Summary -- Chapter 20: The SYS1.UADS Data Set -- A Brief History of SYS1.UADS -- How SYS1.UADS Works With RACF -- Keeping SYS1.UADS Current -- Summary -- Chapter 21: The System Display and Search Facility (SDSF) -- What Is the Risk? -- How Do You Mitigate This Risk? -- Chapter 22: The Program Properties Table (PPT) -- What Is the Risk? -- How Do You Mitigate This Risk? -- Chapter 23: Special-Use Programs -- What Is the Risk? -- How Do You Mitigate This Risk? -- Part Three: Security Infrastructure Matters -- Chapter 24: Application and Batch ID Security -- Segregate Production from Non-Production -- Batch IDs Must Not Share Application Data -- Production JCL Must Not Refer To Personal Data Sets -- Be Careful About SURROGAT Class Access -- Restrict Direct Update Access to Production Data -- Chapter 25: Security Architecture -- Internal Vs. External Security -- The Benefits of External (RACF) Security -- Centralized Security or Decentralized Security? -- Chapter 26: The RACF Unload Database -- How It Was Done Before -- Creating the RACF Unload Database -- The Benefits of the RACF Unload Database -- The Uses Of The RACF Unload Database -- Getting Quick Answers Using TSO -- Summary -- Chapter 27: Increasing Your Productivity -- Use REXX and CLISTs -- Learn More About ISPF Edit Capabilities -- Join Online User Groups.

Find a Mentor -- Use RACF Help Functions -- Use Online Manuals -- Get Free Utilities -- Subscribe to Vendor Publications -- Use Native RACF Commands -- Learn DFSORT -- Summary -- Chapter 28: Security Compliance -- Chapter 29: Security Best Practices -- Implement Role-Based Security -- Periodically De-Clutter Your Security Database -- Handle Employee Transfers and Terminations As They Occur -- Identify Your Important Data -- Assign Ownership to All Data -- Keep All Security Within RACF -- Log Accesses to Important Data -- Conduct Periodic Reviews of All Access Rights -- Implement Change Management for Production JCL -- Report and Monitor Security Activities -- Implement Segregation of Duties -- Require Approval Before Granting Access -- Summary -- Chapter 30: Security Add-On Products -- The Benefits Of RACF Add-On Products -- Simplified Security Administration -- Security Monitoring -- Password Resets -- Security Reporting -- Security Compliance and Enforcement -- Summary -- Epilogue -- Index.
Abstract:
Rather than rehashing basic information, such as command syntax, already available in other publications, this book focuses on important security and audit issues, business best practices, and compliance, discussing the important issues in IBM mainframe security. Mainframes are the backbone of most large IT organizations; security cannot be left to chance. With very little training available to the younger crowd, and older, more experienced personnel retiring or close to retiring, there is a need for mainframe security skills at the senior level. Based on real-life experiences, issues, and solutions to mainframe security from the author's three decades of practical experience as a mainframe security practitioner, this book fulfills that need.
Local Note:
Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2017. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries.