Security on z/OS
Previous topic | Next topic | Contents | Glossary | Contact z/OS | PDF


Security facilities of z/OS

Security on z/OS

z/OS® facilities provide its high level of security and system integrity.

Data about customers is a valuable resource that could be sold to competitors. Thus, the aim of any security policy is to provide users with only their required level of access and to deny non-authorized users access. This is one reason why auditors prefer that users or groups are granted specific access, rather than using universal access facilities. The traditional focus of mainframe security was to focus on stopping unauthorized people from logging on to the system, and then ensuring that users were only allowed access to data on a need-to-know basis. As mainframes have become Internet servers, however, additional security has been required. There are outside threats such as hackers, viruses, and Trojan horses; Security Server includes tools to deal with these.

However, the main threat to company data is often from within. An employee within a company has a much better chance of obtaining data than someone outside. A well-thought-out security policy is always the first line of defense.

Further, z/OS provides a number of system integrity features to minimize intentional or accidental damage from other programs. Many installations run several copies of z/OS and often do not permit general TSO/ISPF users to access the production systems. z/OS security controls can protect the production environment if they are properly configured and prevent a TSO/ISPF user (either maliciously or accidentally) from impacting important production work.





Copyright IBM Corporation 1990, 2010