Durée : 1 jour
Prix Public : 700 € HT (tarif Inter-Entreprise)
This course introduces the zSecure Audit rule-based compliance evaluation framework. The course explains rule-based compliance evaluation concepts and includes an overview and demonstration of the supported compliance evaluation functions and reports. With the standard built-in compliance evaluation interface, you report the compliance of your systems against one or more of the supported external standards: STIG, STIGplus, GSD, or PCI-DSS. The course also teaches you how to customize compliance evaluations for the supported standards to fit your company’s requirements. Finally, you learn how to create a company-defined compliance standard. Hands-on exercises are included to enforce the skills that are taught in this course so that you can experiment with the rule-based compliance evaluation interface.
The target audience for this advanced-level course is security administrators, auditors, and compliance officers.
Before taking this course, make sure that you have the following skills:
- Basic knowledge of and experience with z/OS and RACF
- Familiarity with the IBM Security zSecure Audit ISPF panel interface
- Knowledge of and experience with the CARLa programming language
Unit 1: Rule-based compliance introduction and concepts
- Explain the concept of rule-based compliance evaluation with zSecure Audit
- Run compliance evaluations against the supported standards GSD331, STIG, and PCI-DSS
- Use the compliance evaluation results to apply the applicable changes to comply with the applicable (external) standard
- Customize compliance evaluations to fit with company security and audit policies
- Build customized system-defined compliance standards, rule sets, rules, and tests
Unit 2: Running compliance evaluations and interpret results
Unit 3: Customizing compliance standards, rules, or tests