To guard against future cyberattacks efficiently, you should have a simple process to predict the impact of changes that are made to your security definitions. Security impact forecasting can provide a streamlined workflow in which historical data is captured automatically, and an intuitive interface enables you to set up security adaptations in a way that they can be quickly analyzed for effect and, when deemed correct, applied automatically.

In the context of IBM Resource Access Control Facility (RACF®), changes to existing access control definitions can be done in a proactive way with confidence by using IBM zSecure Admin. IBM zSecure Admin capabilities can help you assess and build stronger access controls against cyberthreats, rather than just reacting to them after they happen.

This IBM Redbooks® publication explores the value of analytics for security impact forecasting regarding IBM RACF and IBM zSecure Admin (RACF-Offline and the Access Monitor functions). Use cases, best practices, and step-by-step guidance with examples are provided.

This publication is for IT Managers and Security Architects who are responsible for the technology that protects their assets, and the change management staff and security administrators who are responsible for the safeguarding applications and data from unauthorized access.

The reader is expected to have a basic understanding of IT security concepts and the principle of least privilege in a zero trust framework.

Chapter 1. Tightening access controls with confidence

Chapter 2. IBM zSecure capabilities for IBM Resource Access Control Facility administrators

Chapter 3. Adding a set of profiles

Chapter 4. Removing unused security definitions

Chapter 5. Converting generic and specific access to group-based access

Chapter 6. Minimizing access control privileges