Skip to main content
IBM Redbooks

Securing and Auditing Data on DB2 for z/OS

An IBM Redbooks publication

Note: This is publication is now archived. For reference only.

thumbnail 

Published on 09 June 2009

  1. .PDF (7.6 MB)
Order hardcopy - This link opens in a new tab
Share this page:
 
 

ISBN-10: 0738432857
ISBN-13: 9780738432854
IBM Form #: SG24-7720-00

Authors: Paolo Bruni, Felipe Bortoletto, Thomas Hubbard, Ernest Mancill, Hennie Mynhardt and Shuang Yu

    menu icon

    Abstract

    In this age of complex regulatory oversight and wide ranging threats to corporate data, securing a company's information assets from internal and external threats has become a primary focus and concern for information professionals. IBM® understands these requirements and using features of the System z® hardware platform, DBMS and operating elements for DB2® on z/OS®, and Information Management tools can help to provide a defense in depth which can help to provide information confidentiality, integrity, and availability.

    We start with a description of the data governance requirements, with an emphasis on IBM Data Servers Blueprint including the IBM Data Server Security Roadmap, and general elements of a complete governance approach. Next, using the elements described in the first section, we position and map the specific elements and requirements of the Blueprint based scenario to IBM portfolio of security solutions.

    We then focus on some specific elements and capabilities of DB2 for z/OS and System z platform. These capabilities include elements such as network roles and trusted context, exploitation of network encryption capabilities with SSL and IPSec, and native DBMS Encryption. Included are System z hardware and z/OS operating system elements.

    Having laid a solid foundation with the previous components, we then take a deeper look at two specific IBM Information Management tools solutions.

    We build scenarios that demonstrate the use of the IBM Audit Management Expert for DB2 for z/OS. We take a deep dive look at the IBM Encryption Tool for DB2 and IMS Databases, including an exploration of the new functionality which provides coexistence with DB2 hardware assisted compression.

    Table of Contents

    Part 1. Data governance

    Chapter 1. Regulatory compliance

    Chapter 2. The IBM Data Server Security Roadmap and some common DB2 for z/OS security themes

    Part 2. IBM Data Governance portfolio

    Chapter 3. IBM data servers on z/OS

    Chapter 4. IBM Information Management tools

    Chapter 5. Tivoli products

    Chapter 6. OPTIM solutions

    Part 3. System z synergy

    Chapter 7. System z security features

    Chapter 8. z/OS security

    Part 4. DB2 Audit Management Expert

    Chapter 9. DB2 Audit Management Expert architecture and installation

    Chapter 10. Audit Management Expert scenarios

    Chapter 11. Audit Management Expert administration

    Part 5. Data Encryption for IMS and DB2 Databases

    Chapter 12. Architecture and ICSF key management

    Chapter 13. Data Encryption tool installation and customization

    Chapter 14. Data encryption scenarios

    Chapter 15. Administration of encrypted objects

    Appendix A. System topology and workload

    Appendix B. Sample configuration files for DB2 Audit Management Expert for z/OS