  • PowerTech Translates SOX Requirements Into iSeries Terms

    September 13, 2005 Alex Woodie

    OS/400 shops preparing for Sarbanes-Oxley Act audits can find some help in a new release of PowerLock SecurityAudit unveiled by The PowerTech Group last week. With SecurityAudit 2.0, PowerTech is including a new AuditAdvisor function that encapsulates the knowledge of the company’s OS/400 security experts, as well as COBIT and ISO standards, and helps generate the required SOX reports. The company is also making it easier to configure security on multiple iSeries with new releases of its NetworkSecurity and CentralAdmin products.

    One of the most common complaints that companies have voiced about SOX compliance over the past three years is the lack of concrete guidelines from the federal government when it comes to IT processes. With imprisonment of C-level executives a possibility for companies found grossly out of compliance, it’s no wonder companies have sought expert SOX advice from the outside.

    Much of this expert outside help is coming from the Big 4 accounting firms (which used to be the Big 5, until Arthur Andersen got all mixed up in Enron’s mess, which led to the call for a SOX-type regulation in the first place). Two of the key standards of measurement that these accounting firms are using when it comes to securing computer systems for SOX compliance are Control Objectives for Information and related Technology (COBIT) and ISO-17799, says Brendan Patterson, director of product management at PowerTech, which is based in Kent, Washington.

    iSeries-to-COBIT-and-ISO Translation

    OS/400 shops can see how their security settings stack up against COBIT and ISO-17799 standards through a combination of SecurityAudit 2.0 and the new AuditAdvisor tool, an online tool that PowerTech customers can access through the PowerTech Web site. This reckoning between the COBIT and ISO-17799 requirements and OS/400 security settings was performed by PowerTech’s team of OS/400 security experts, including John Earl and Dan Riehl. Riehl is PowerTech’s director of services and Earl is chief technical officer and vice president.

    “COBIT is for IT general. It doesn’t say anything about iSeries. What we’ve done is mapped what that means into iSeries security settings,” Patterson says. “We’ve captured a lot of the iSeries security knowledge in house, and made it available as a guide we provide to our customer.”

    AuditAdvisor provides a comprehensive accounting of OS/400 security settings and their relative importance to meeting COBIT and ISO-17799 recommendations (and thereby going a long way to complying with SOX). AuditAdvisor provides recommendations for the full spectrum of iSeries security settings, including security system values, user profile settings, library authority settings, and more. Under the user profile heading, for example, it lists specific things to look for in regard to special authorities, command line access, group profiles, expired and weak passwords, inactive profiles, and invalid sign-on attempts.

    SOX has been a big driver for PowerTech’s business, as it has for ISVs in related fields, like change management and high availability. But customers can also benefit, Patterson says. “It is good for customers if it helps them tighten up their process and implement good procedures,” he says. “Some companies are happy regulations have given them the impetus to implement some changes they knew they needed to make, but couldn’t get management’s attention to implement.”

    But at the same time, SOX is just one of a swarm of new regulations that IT shops are burdened with supporting–which means reams and reams of paperwork and the mind-dulling side effect that often accompanies it. “It’s not just SOX, but there are others, and it seems like there’s a new one all the time,” Patterson says. “HIPAA went into effect in April. The Visa CISP took effect in June. I just saw something in Canada, passing some sort of SOX requirement. And there’s a similar one in the UK. The regulations seem to be coming thick and fast.”

    Time to Lock Down Your Server

    OS/400 shops should implement good security protections to gain the blessing of the federal government. But they should also do it because it makes good business sense, and because protecting information about customers is important.


    There is documentation that Asian organized crime syndicates are increasingly using the Internet to do their work, and there has been at least one hacker announcing his intention to break OS/400 security. Since the OS/400 server typically holds the most valuable information at companies that use it, this should be a wake-up call for OS/400 shops to stop being complacent with OS/400 security, to understand that SOX, COBIT, HIPAA, et al. are just stepping stones to a thorough and multi-faceted security policy, and–most importantly–to lock down their access points and other areas of vulnerability, and to do it right now. As the recent disaster along the Gulf Coast shows, government mandates are of little value when your front door has been ripped off its hinges.

    Good iSeries administrators can configure OS/400 security settings manually, of course. For those buried in paperwork or for those that want a tool to make it faster and easier to lock down the server’s exit points, PowerTech provides PowerLock NetworkSecurity. With NetworkSecurity 5.0, also announced last week, PowerTech has made enhancements in the areas of reporting, configuring multi-server setups, and ease-of-use.

    The capability to apply rules globally across a network of OS/400 servers in NetworkSecurity 5.0 will make it much easier to change security settings within larger companies with multiple iSeries. For example, if an administrator needs to provide Jane in accounting with access to FTP on the OS/400 (one of the server’s vulnerable spots if not properly protected), and to do so after the initial configuration, the administrator can grant her FTP access to multiple OS/400 servers, instead of configuring each one by hand.

    This release also brings the capability to output NetworkSecurity reports in Microsoft Excel format. Once the report data is in Excel, any spreadsheet junky can whip up colorful and easy-to-read graphs in no time. PowerTech even supplies Excel templates to accelerate this process.

    To complete the product trifecta, PowerTech unveiled PowerLock CentralAdmin 2.0. As its name suggests, CentralAdmin provides centralized administration for multiple OS/400 servers. It works with both NetworkSecurity and SecurityAudit in various ways, including the propagation of new global rules in NetworkSecurity (described above) and running audit reports off multiple iSeries servers through SecurityAudit. Version 2 brings the capability to handle product licensing for multiple machines from a single location, as well as new centralized reporting features, the company says.

    CentralAdmin 2.0 is still in beta, with availability expected at the end of September. NetworkSecurity 5.0 and SecurityAudit 2.0 are available now.

    The PowerLock family of products supports OS/400 V5R1 and later versions. Licenses for NetworkSecurity are processor tier-based and range from $2,800 to $15,200, which allows a customer to install the software in a single partition; an additional fee of $1,000 or more is required for additional partitions. SecurityAudit has similar pricing. Adding the PowerLock CentralAdmin capability costs $1,500 per partition. For more information, visit www.powertech.com.


Volume 5, Number 36 -- September 13, 2005
Copyright © 2025 IT Jungle