PCI DSS Archives - IT Jungle

Guru: The Finer Points of Exit Points

June 27, 2022 Bruce Bading

Many years ago, we received a call from an IBM i customer stating that all exit points were gone and the QAUDJRN and receivers were missing. Then the question, “Do you think we’ve been hacked?” Truth was, the exit points weren’t gone; the associated programs had been de-registered. Conclusion, they had most likely been compromised.

The IBM i platform is a very securable system that can be secured (Secure vs Secured – What’s the difference?, WikiDiff), if you take steps to secure it.

On the IBM i, a limited number of functions provide an exit so that your …
Read more
Guru: SIEM Is Only Part Of IBM i Cybersecurity

March 28, 2022 Bruce Bading

Many times, we hear from IBM i business owners that their SIEM – that’s short for Security Information and Event Management – is their cybersecurity solution for the IBM i. But that can’t be true, and I want to explain why it is part of the security shield but certainly not all of it.

Let’s start with SIEMs and how they fit into cybersecurity frameworks. SIEM is mentioned in the PCI appendix, but not once in the core of the 250+ PCI DSS requirements, likewise, the NIST Cybersecurity Framework lists event monitoring as one of the 100s (1/100s) of NIST …
Read more
Thoroughly Modern: IBM i Security Is No Longer Set It And Forget It

March 14, 2022 Amal Macdonald

For most IBM i shops, who are busy creating and maintaining the applications that run the business and who are not just chronically understaffed but structurally understaffed, the smartest thing they can do when it comes to security is give up.

You heard that right. They need to put their arms in the air and surrender, absolutely and completely.

No, we don’t mean they need to open all of the ports on their server, turn off the firewall, and let the ransomware and malware in and let the hackers and phishers do whatever they will. What we do mean by …
Read more
Strengthen IBM i Password Security With Multi-Factor Authentication

March 15, 2021 Bill Hammond

As stories of data breaches caused by exploited credentials continue to make headlines, basic password protection mechanisms are no longer good enough. Organizations require an additional layer of protection that is also easy to use and doesn’t impose an additional burden on administrators.

IBM i systems contain the data that drives your business, including financial transaction information, healthcare records, and other personally identifiable information for customers, partners, and employees. Much of this data is subject to regulations such as SOX, PCI DSS, HIPAA, and GDPR. Therefore, any data breach can result in regulatory fines, lost revenue, remediation costs, legal fees, …
Read more
Can You Build Data Integrity Without Securing IBM i Systems?

January 27, 2021 Bill Hammond

Nowadays, companies tend to have vast troves of data stored on their IT platforms. Many companies are struggling to use that data – including critical data on IBM i – that could, in theory, help to make better business decisions and run operations more smoothly and efficiently. But in reality, that data is frequently siloed, inaccurate, and unsecured – leading CEOs to be concerned about the integrity of the data upon which they are basing decisions. Businesses across the globe are screaming for data they can trust.

The pace of digital transformation initiatives has rapidly accelerated in the past year, …
Read more
Confidence in IBM i Security Is Dropping, Syncsort Says

May 6, 2020 Alex Woodie

IBM i shops were significantly less confident in their ability to prevent a security breach in 2019 than the previous two years, according to a new study by Syncsort. More than 40 percent of IBM i shops have suffered at least one security breach, according to the study, which also indicates that awareness of security regulations is growing, but not for the ones you might think.

In 2019, 11 percent of respondents reported being somewhat or very unconfident in their ability to prevent a data breach at their organization, Syncsort concluded in its new study, which is titled “IBM i …
Read more
Trinity Guard Gives Audit Tool A Friendly GUI

June 25, 2018 Alex Woodie

IT professionals who are tired of using 5250 greenscreens to manually conduct regulatory audits of their IBM i systems may be interested in a colorful piece of software from Trinity Guard. The company recently launched TGCentral, which is a unified HTML interface designed to simplify the configuration and execution of security and regulatory audits across multiple IBM i servers.

As the spiritual and intellectual successor to PentaSafe, Trinity Guard understands how beloved those old PentaSafe products were. Even though NetIQ/Attachmate/Micro Focus has not added any new features to its IBM i security suite for over a decade, there were …
Read more
IBM i Security Expert Interprets PCI and Multi-Factor Authentication

July 17, 2017 Dan Burger

With data security written boldly at the top of many organizations’ priority lists, the Payment Card Industry Data Security Standard (PCI DSS) is viewed as a top line defense against data breaches. Whether a company handles credit cards and is required to implement mandated security measures or uses the PCI standard as a best practices model, IT security gurus pay attention to the PCI DSS.

We are well beyond the realization that organizations need to be secure. The emphasis has clearly shifted to how organizations become secure. How to build and maintain a secure network, protect data and regularly monitor …
Read more
Time To Get Your 2FA On, IBM i Admins

April 3, 2017 Alex Woodie

System administrators working in regulated industries will soon be required to sign-in to servers using two-factor authentication (2FA), according to the latest PCI requirement. The industry regulation will impact administrators working with all types of computer systems, and will likely be enforced in late 2017 or early 2018, security experts say.

In prior versions of the Payment Cardholder Industry Data Security Standard (PCI DSS), only remote administrators were required to use 2FA, which bolsters the security of the sign-on process by requiring users to show “something you know,” like a password, as well as “something you have,” like a hardware …
Read more
Don’t Look Now, But PCI Just Changed Again

March 8, 2017 Alex Woodie

Heads up, IBM i shops: Companies that process any volume of credit card transactions now must send self-assessments to their acquiring banks under the jurisdiction of the Payment Card Industry’s Data Security Standard (PCI DSS). This is a pretty significant change, as previously only merchants processing large volumes were subject to strict PCI DSS requirements.

On January 31, a new PCI provision went into effect that requires Level 4 merchants to submit a Self-Assessment Questionnaire (SAQ) to their issuing banks. Previously, Level 4 merchants, which are defined as processing 20,000 or fewer ecommerce transactions or 1 million total transactions, were …
Read more

Content archive

Recent Posts

Subscribe

Pages

Search