76 lines
4.6 KiB
HTML
76 lines
4.6 KiB
HTML
|
<?xml version="1.0" encoding="UTF-8"?>
|
||
|
<!DOCTYPE html
|
||
|
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||
|
<html lang="en-us" xml:lang="en-us">
|
||
|
<head>
|
||
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
||
|
<meta name="security" content="public" />
|
||
|
<meta name="Robots" content="index,follow" />
|
||
|
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
|
||
|
<meta name="DC.Type" content="concept" />
|
||
|
<meta name="DC.Title" content="Security audits" />
|
||
|
<meta name="abstract" content="This topic describes the purpose of security audits." />
|
||
|
<meta name="description" content="This topic describes the purpose of security audits." />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzamvconcepts.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzamvauditsysval.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzamvplansecauditing.htm" />
|
||
|
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
|
||
|
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
|
||
|
<meta name="DC.Format" content="XHTML" />
|
||
|
<meta name="DC.Identifier" content="audits" />
|
||
|
<meta name="DC.Language" content="en-us" />
|
||
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
||
|
<!-- US Government Users Restricted Rights -->
|
||
|
<!-- Use, duplication or disclosure restricted by -->
|
||
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
||
|
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
|
||
|
<link rel="stylesheet" type="text/css" href="./ic.css" />
|
||
|
<title>Security audits</title>
|
||
|
</head>
|
||
|
<body id="audits"><a name="audits"><!-- --></a>
|
||
|
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
|
||
|
<h1 class="topictitle1">Security audits</h1>
|
||
|
<div><p>This topic describes the purpose of security audits.</p>
|
||
|
<div class="p">People audit their system security for several reasons: <ul><li>To evaluate whether the security plan is complete.</li>
|
||
|
<li>To make sure that the planned security controls are in place and working.
|
||
|
This type of auditing is usually performed by the security officer as part
|
||
|
of daily security administration. It is also performed, sometimes in greater
|
||
|
detail, as part of a periodic security review by internal or external auditors.</li>
|
||
|
<li>To make sure that system security is keeping pace with changes to the
|
||
|
system environment. Some examples of changes that affect security
|
||
|
are:<ul><li>New objects created by system users</li>
|
||
|
<li>New users admitted to the system</li>
|
||
|
<li>Change of object ownership (authorization not adjusted)</li>
|
||
|
<li>Change of responsibilities (user group changed)</li>
|
||
|
<li>Temporary authority (not timely revoked)</li>
|
||
|
<li>New products installed</li>
|
||
|
</ul>
|
||
|
</li>
|
||
|
<li>To prepare for a future event, such as installing a new application, moving
|
||
|
to a higher security level, or setting up a communications network.</li>
|
||
|
</ul>
|
||
|
</div>
|
||
|
<p>The techniques described here are appropriate for all these situations.
|
||
|
Which things you audit and how often depends on the size and security needs
|
||
|
of your organization.</p>
|
||
|
<p>Security auditing involves using commands on your system and accessing
|
||
|
log and journal information. You can create a special profile to be used by
|
||
|
someone doing a security audit of your system. The auditor profile needs *AUDIT
|
||
|
special authority to change the audit characteristics of the system. Some
|
||
|
of the auditing tasks suggested in this chapter require a user profile with
|
||
|
*ALLOBJ and *SECADM special authority. Set the password for the auditor profile
|
||
|
to *NONE when the audit period has ended.</p>
|
||
|
<p>For more details on security auditing, see Chapter 9, <span class="q">"Auditing System
|
||
|
Security,"</span> in the <cite>iSeries™ Security Reference</cite>.</p>
|
||
|
</div>
|
||
|
<div>
|
||
|
<div class="familylinks">
|
||
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvconcepts.htm" title="To effectively create a security policy and plan security measures for your system, you need to understand the following security concepts, some of which are general concepts and some of which are specific to the hardware type.">Concepts</a></div>
|
||
|
</div>
|
||
|
<div class="relconcepts"><strong>Related concepts</strong><br />
|
||
|
<div><a href="rzamvauditsysval.htm" title="This topic describes the auditing system values in detail.">Audit system values</a></div>
|
||
|
<div><a href="rzamvplansecauditing.htm" title="Use this information to plan security auditing for your systems.">Plan security auditing</a></div>
|
||
|
</div>
|
||
|
</div>
|
||
|
</body>
|
||
|
</html>
|