IBM Security zSecure Audit Rule-based Compliance Evaluation and CustomizationSecurity
DescriptionWhat we offer
This course introduces the IBM Security zSecure Audit rule-based compliance evaluation framework.
The course discusses rule-based compliance evaluation concepts and includes an overview and demonstration of the supported compliance functions and reports. With the standard built-in compliance evaluation interface, you report the compliance of your systems against one or more of the supported external standards: STIG, GSD, or PCI-DSS.
The course teaches you how to customize the compliance evaluation for the supported standards to fit your company's requirements. Finally, you learn how to create a company-defined compliance standard.
Hands-on exercises are included to enforce the skills that are taught in this course so that you can experiment with the rule-based compliance evaluation interface.
ObjectivesWhat you learn
- Explain the concept of rule-based compliance evaluation with zSecure Audit.
- Run compliance evaluations against the supported standards: GSD, STIG, and PCI-DSS.
- Use the compliance evaluation results to apply the applicable changes to comply with the applicable (external) standard.
- Customize compliance evaluation to fit with company security and audit policies.
- Build customized company-specific compliance standards, rules, and tests.
TopicsThe best for you
Unit 1: Rule-based compliance introduction and concepts
- Compliance evaluation framework
- Compliance evaluation input sources
Unit 2: Running compliance evaluations and interpreting the results
- Using the built-in compliance evaluation interface to check against an external standard
- Running compliance evaluations for multiple systems against multiple standards
Unit 3: Customizing compliance standards, rules, or tests
- Customizing the predefined rule sets, rules, and tests to fit the company policies
- Suppressing rules that do not apply to your company
- Building company-specific rule sets, rules, or tests
- Defining a company-specific compliance standard
PrerequisitesWhat should you know
You should have the following skills:
- Basic knowledge of and experience with z/OS and RACF
- Familiarity with the IBM Security zSecure Audit ISPF panel interface
- Knowledge of and experience with the CARLa programming language
AudienceWho should attend
The target audience for this advanced level course is security administrators, auditors, and compliance officers.