Securing and Auditing Data on DB2 for z/OS
An IBM Redbooks publication
Note: This is publication is now archived. For reference only.
Published on 09 June 2009
ISBN-10: 0738432857
ISBN-13: 9780738432854
IBM Form #: SG24-7720-00
Authors: Paolo Bruni, Felipe Bortoletto, Thomas Hubbard, Ernest Mancill, Hennie Mynhardt and Shuang Yu
In this age of complex regulatory oversight and wide ranging threats to corporate data, securing a company's information assets from internal and external threats has become a primary focus and concern for information professionals. IBM® understands these requirements and using features of the System z® hardware platform, DBMS and operating elements for DB2® on z/OS®, and Information Management tools can help to provide a defense in depth which can help to provide information confidentiality, integrity, and availability.
We start with a description of the data governance requirements, with an emphasis on IBM Data Servers Blueprint including the IBM Data Server Security Roadmap, and general elements of a complete governance approach. Next, using the elements described in the first section, we position and map the specific elements and requirements of the Blueprint based scenario to IBM portfolio of security solutions.
We then focus on some specific elements and capabilities of DB2 for z/OS and System z platform. These capabilities include elements such as network roles and trusted context, exploitation of network encryption capabilities with SSL and IPSec, and native DBMS Encryption. Included are System z hardware and z/OS operating system elements.
Having laid a solid foundation with the previous components, we then take a deeper look at two specific IBM Information Management tools solutions.
We build scenarios that demonstrate the use of the IBM Audit Management Expert for DB2 for z/OS. We take a deep dive look at the IBM Encryption Tool for DB2 and IMS Databases, including an exploration of the new functionality which provides coexistence with DB2 hardware assisted compression.
Part 1. Data governance
Chapter 1. Regulatory compliance
Chapter 2. The IBM Data Server Security Roadmap and some common DB2 for z/OS security themes
Part 2. IBM Data Governance portfolio
Chapter 3. IBM data servers on z/OS
Chapter 4. IBM Information Management tools
Chapter 5. Tivoli products
Chapter 6. OPTIM solutions
Part 3. System z synergy
Chapter 7. System z security features
Chapter 8. z/OS security
Part 4. DB2 Audit Management Expert
Chapter 9. DB2 Audit Management Expert architecture and installation
Chapter 10. Audit Management Expert scenarios
Chapter 11. Audit Management Expert administration
Part 5. Data Encryption for IMS and DB2 Databases
Chapter 12. Architecture and ICSF key management
Chapter 13. Data Encryption tool installation and customization
Chapter 14. Data encryption scenarios
Chapter 15. Administration of encrypted objects
Appendix A. System topology and workload
Appendix B. Sample configuration files for DB2 Audit Management Expert for z/OS