Success Stories

Review some of our highlighted success stories.

Due to the nature of the solutions we implemented, we cannot list client names.

Large Insurance Company

  • Performed DoD Risk Management Framework (RMF – formerly known as DIACAP) style services to a large insurance company.
  • Compared mainframe security implementation against 250+ RMF technical guidelines.
  • Discovered area of security that did not meet the RMF standard and documented findings.
  • Documentation included:
    • Technical guideline detail
    • Severity level assessed
    • Failure reasons
    • Recommendation for remediation
  • Requested by company to lead the remediation effort to address all failed findings.

Large Air Industry Company

  • Provide as-needed CA-Top Secret and mainframe systems programming support.
  • Assist in the maintenance and on-going administration of CA top Secret security software.
  • Lead the z/OS operating system upgrade process, as well as all 3rd party vendor software products.
  • Using this service, Client has deferred hiring of additional staff.

Federal Government, Manufacturing, Health Care, Financial, Telecommunications

  • Provide an in-depth analysis of mainframe security environment.
  • Conduct interviews with stake-holders and generate report data for analysis.
  • Analyze findings and create comprehensive findings report.
  • Formally present findings to client.

Major Insurance Company

Developed an additional processing capability for the Mainframe Event Acquisition System™ (MEAS™)”software to allow the porting of CA Compliance Manager security data to the customer’s Security Information and Event Management (SIEM) platform.

Major Financial Institution

  • Validate current Cleanup for TSS environment.
  • Prepare report of security findings and cleanup recommendations for Client review.
  • Generate UNREF and REF reports, including cleanup and contingency commands.
  • Review UNREF and REF reports and cleanup and contingency commands with appropriate Client personnel.
  • Execute cleanup of UNREFERENCED ACIDS and entitlements based upon the Client’s threshold.
  • Continue discussions with security staff regarding policy and procedure changes required with Cleanup implementation.
  • Work with Client staff to establish next date to gather security findings and cleanup activities to be executed.
  • Obtain Client confirmation that the project is ready to proceed to the next stage.

Large Supermarket Company

  • Provide as-needed IBM DB2 database administration support services.
  • DB2 tasks included:
    • Create, modify and delete database objects.
    • Perform DB2 analysis tasks to assist in the improvement of DB2 performance.
    • Perform routine DB2 maintenance tasks to include:
      • Backup/restore procedures
      • Unload/reload of DB2 database objects to reorganize as needed.
  • RACF tasks included:
    • Analyze the DB2/RACF access controls, and be able to determine what controls access to a specific database based on Database Name and/or Table Prefix.
    • Based on previous step, confirm if the current reporting and review process in place is correct for the compliance reviews, and advise on how to close any gaps to be compliant for the reporting and review process.
    • If the current process is not correct, consult to assist in determining the correct review criteria and assist in generating any reports and jobs needed to achieve goal.
    • Advise if the applications are supposed to have overlapping access controls.
    • Provide weekly status report indicating accomplishments, issues and expected tasks for the next week.

Large Insurance Company

  • Provide full-time high-level CA-Top Secret consultant to assist client in re-architecting application security to meet Sarbanes-Oxley requirements.
  • Provide high-level expertise in CA-Top Secret interfaces and operation with application software.
  • Craft and execute CA-Top Secret commands to address security deficiencies and implementation of new application security architecture.
  • End-user transparent, identical access/enforcement maintained throughout, no outage/production impact.

Large Healthcare Company

  • Using proprietary “Conversion Factory” process, convert client IBM-RACF to functionally equivalent CA-ACF2 Secret security database.
  • Conversion factory process provides minimal downtime and no risk for Client.

Large Financial Institution

  • Focus on almost 200 sub-sections which require moving ACIDS which have both STC and BATCH Facility into the PROPCNTL resource class.
  • Remove FACILITY BATCH from the ACIDS that have FACILITY STC which do not require it.
  • Monitor and report on Auditor Data.
  • Provide Dataset protection based on new Audit requirements.
  • Implement resource classes not controlled by Top Secret, e.g., CICS, DCICSDCT, FCICSFCT.
  • Proper auditing of UNIX System Services file accesses.
  • Provide Top Secret setup for UNIX System Services.

Major Financial Institution

  • Provide a staffing support to client, assisting with mainframe CA Top Secret security cleanup.
  • Implementation of processes and procedures to manage the archival and restoration of CA Top Secret ACIDS and entitlements in the client environment.
  • Provide remote consultant assistance including analysis of current cleanup statistics.
  • Provide analysis of current processes and procedures for cleaning up unneeded security definitions.
  • Development of new processes and procedures for cleanup for CA Top Secret users and restoration entitlements (batch mode).
  • Monitor cleanup affect on CA Top Secret performance.
  • Review and development INCLUDE/EXCLUDE lists.
  • Review Cleanup tracking file implementation.
  • Review CPF configuration.

Major Insurance Company

  • Provide staff augmentation in support of the Insurance Company Agency Market Compliance Department.
  • Provide support of the Compliance Remediation Project in the implementation of Role Based Access Control (RBAC) utilizing CA-ACF2 and Windows Active Directory access control systems.
  • Focus project was the remediation of the access control system components of large, financially significant systems.
  • Provide consulting resources skilled in inventory planning, architectural design, definition, implementation and project management of an RBAC based security structure.
  • Provide an independent team of 7 senior mainframe security subject matter experts to support the conversion of a user-based access control system to a role-based accessed control system.
  • Provide consulting resources skilled in architectural design. Implementation and project management of large system Security Access Control Systems.
  • Provide analysis and remediation planning for application and data access using Active Directory (AD).
  • Perform a required inventory and analysis of Windows production servers to classify data elements.
  • Perform an inventory of application components and custom Active Directory usage.
  • Perform an inventory of Active Directory groups and classify those groups based upon usage and remove all unused Active Directory groups.
  • Analyze and restructure the security in RACF for appropriate user access.
  • Coordinate with business units to identify application ownership and translated ownerships into RACF groupings by application and associated mainframe components.
Contact Us

Let InfoSec and our highly skilled mainframe consultants assist you in meeting your service level agreements and helping you to meet your data center challenges.

FREE CONSULTATION

Schedule a complimentary consultation with our team of mainframe and security specialists today.