Additional documents of interest
- Successful Business Continuity - Part 1 - Users and Groups
-
This article was published in the April 2005 issue of
AIX Update magazine
and discusses system administration needs and requirements oriented
around users and groups. The overall emphasis of this series of
articles is for implementation of enterprise wide unique identifiers
for a variety of parameters, such as user names, group names, UID and
GID numbers.
- Successful Business Continuity - Part 2 - Machine and Host Names
-
This article was published in the May 2005 issue of
AIX Update magazine
and discusses naming structures for machines, systems, adapters, and
aliases. The overall emphasis of this series of articles is for
implementation of enterprise wide unique identifiers for a variety of
parameters.
- Successful Business Continuity - Part 3 - Volume Names
-
This article was published in the December 2005 issue of
AIX Update magazine
and discusses naming structures for volume groups, logical volumes, log
logical volumes, directory mount points, etc. The overall emphasis of
this series of articles is for implementation of enterprise wide unique
identifiers for a variety of parameters.
- Successful Business Continuity - Part 4 - MQ Series, Startup/Shutdown Scripts, Error Processing
-
This article was published in the April 2006 issue of
AIX Update magazine
and discusses how to implement AIX in an environment dedicated to
business continuity. The topic of this article is the assignment of MQ
Series queue names and aliases, resource group startup and shutdown
script names (Application startup/shutdown script names), error logging,
and error notification.
- Successful Business Continuity - Part 5 - Miscellaneous topics
-
This article was published in the August 2006 issue of
AIX Update magazine
and discusses how to implement AIX in an environment dedicated to
business continuity. A variety of topics is discussed in this article
including automated documentation generation and management.
- Automated Microcode Management System
-
One of the most difficult administration tasks in an AIX environment is
attempting to keep the firmware and microcode up-to-date. Mt Xia has
devised an automated method of gathering the Microcode information,
determining which microcode needs to be updated, generating reports, and
uploading the required microcode updates to each individual system.
- Calculating the size of a Virtual Processor
-
This document describes the algorithms used to calculate the size of a
virtual processor when using shared processors in an LPAR. The IBM
documentation describes how to calculate CPU utilization, NOT how to
size for configuration, this document clarifies this process. A
description of the HMC input fields for the processor tab is included.
- Basics of Partition Load Manager Setup
-
This presentation was provided by Ron Barker from IBM regarding the PLM Basic
setup.
- ppt
- pdf
|
BC Auditing
Audit Response
In keeping with Mt Xia's overriding mentality of automation, our
toolsets enable the ability to respond to audit requests via a
"self-service" interface which grants access to
audit information only to authorized auditors. This relieves the system
administration staff from having to gather, format, and provide this
information to numerous different auditors, several times a year.
Depending upon the size of the organization, this automated audit
response system can save hundreds of thousands of dollars per year.
The automation of audit response is achieved through the integration
of several Mt Xia toolsets. These toolsets continuously gather
information about the systems and generate audit documentation
containing this information. These documents are uploaded to
Mt Xia's content management system and made available to auditors
upon request. The only on-going task for the system administrator, is
to grant or deny access to auditors.
Audit Compliance
INFOSEC Assessment Methodology (IAM)
IAM is a detailed and systematic method for examining security vulnerabilities from an organizational perspective
as opposed to a only a technical perspective. Often overlooked are the processes, procedures, documentation,
and informal activities that directly impact an organization's overall security posture but that might
not necessarily be technical in nature.
NSA developed the IAM to give organizations a repeatable framework for conducting organizational types of assessments.
We can also provide clients, appropriate information on what to look for in an assessment provider.
The IAM is also intended to rase awareness of the need for organizational types of assessment versus the purely technical type of assessment.
National Security Agency's IAM is a baseline measurement of the controls implemented to protect information that is transmitted, processed,
or stored by a specific system. Simplified, this is a measurement of the security posture of a system or organization.
Phases of the IAM
| Pre-Assessment Phase |
On-Site Assessment Phase |
Post Assessment Phase |
| Identify Information Criticality |
On-Site In-Brief |
Additional Documentation Review |
| Identify System Configuration |
Interview Site Personnel |
Finalize Analysis |
| Set Scope of the Assessment |
System Demonstrations |
Consult Additional Expertise |
| Documentation Request |
Documentation Review |
Generate Recommendations |
| Documentation Review |
On-Site Out Brief |
Final Report Coordination |
| Team Assignment |
|
|
| Pre-Analysis |
|
|
| Site Visit Coordination |
|
|
Organizationl Information Criticality Matrix (OICM)
The OICM is based on the client decisions about the information types within their own organization that are
critical for the completion of their mission and meeting organizational goals.
System Information Criticality
Defines those specific systems that process, transmit, or store the client's critical information.
These are the key information systems that have the greatest impact on the client's operations.
From a technical perspective, these are the systems that will be most focused on during any technical evaluations
that occour in conjuction with the IAM assessment process.
From a purely organizaitonal perspective, these are the systems that need the deepest scrutiny because the
compromise or complete loss of these particular information systems would most likely have a distinct and
often painful impact on the organization.
|
|
|
