The GSE UK Security Working Group are pleased to confirm that the next meeting is scheduled as follows:
Date | Thursday 27th February 2024, 09:00 – 17:00 GMT (Please note the time zone! The meeting is being run from the UK) |
Venue | This is a hybrid meeting – you can attend in person or via Microsoft Teams. BMC Winnersh, 1020 Eskdale Road, 2nd Floor, Winnersh, RG41 5TS (click here for location map) |
Registration | Click here |
CPE/CPD hours | Up to a maximum of 7 hours (full attendance required to claim maximum number of hours) |
This meeting is suitable for anyone with an interest in Mainframe Security, including Mainframe Security Professionals (newbies to experienced), Cyber Security Specialists, System Programmers, Auditors and Managers. Attending this meeting will grow your professional skills and knowledge in the following areas:
- Latest security innovations from vendors and how they help enhance security for your organisation
- Current threats and trends, including regulatory and compliance updates, to help you prioritise security and compliance efforts
- Share problems, knowledge and best practices with working group members
- Give feedback to vendors on their offerings, including product direction
- Earn CPE/CPD hours to support maintenance of certifications or an education portfolio
Agenda
Start | End | Topic | Who |
09:00 | 10:00 | Welcome from our host, BMC Software: Kickoff welcome session and presentation from our host. Briefing on the impending regulations that are landing post DORA – ISO20022 & PSDIII. | Mark Banwell and Duncan Ash (BMC Software) |
10:00 | 11:00 | Considerations for Migrating Db2 Security to RACF: Why convert to RACF for securing Db2? Implementing RACF offers significant security benefits by centralizing access control and ensuring that security management is handled by dedicated security professionals rather than database administrators. This session is designed for RACF administrators and security professionals looking to understand how RACF can be leveraged to secure Db2 effectively. We will examine the technical mechanisms that enable RACF-based security for Db2, highlighting how it aligns with enterprise security policies while maintaining, or even enhancing, existing security controls. While most security permissions will remain unchanged, we will also discuss specific cases where differences exist and what they mean for database access and administration. Attendees will gain a clear understanding of the benefits, challenges, and best practices for a smooth and secure transition to RACF for Db2 security. | Joern Thyssen and Lou Losee (Rocket Software) |
11:00 | 11:15 | Coffee Break | All |
11:15 | 12:15 | Introduction to TLS and ATLS and some of the tools: A short introduction to TLS and ATLS and some of the tools Colin developed. | Colin Paice (Stromness Software Solutions) |
12:15 | 13:15 | Lunch Break & Networking | All |
13:15 | 14:15 | Snakes & SysProgs: Take a journey from traditional RACF reporting to an innovative, open-source Python solution for mainframe data analysis. Starting with the limitations of standard RACF reporting tools like CARLA, this session explains the need for and evolution of the original pyRACF tool, now enhanced and rebranded as MFPandas. You’ll explore how MFPandas empowers mainframe professionals to parse and analyze IRRDBU00 and DCOLLECT data, uncovering powerful insights by combining dataset access details with real dataset names. Whether you’re familiar with RACF and z/OS datasets or new to the field, this session will guide you through practical, live examples of using Python to unlock mainframe data, providing both engineers and auditors with flexible, modern data capabilities. | Henri Kuiper (Mainframe Society) |
14:15 | 15:15 | Anatomy of a z/OS Code Based Integrity Vulnerability: The integrity of mainframe data and software is critical in fundamentally securing your business, and understanding operating system integrity is a critical part of mainframe security strategies. This presentation will describe several types of integrity-based code vulnerabilities and correlate each to a sample SVC program listing. Through this process you will learn how to identify and communicate these types of code-based vulnerabilities. This presentation will supply a framework that will provide: – Security architects and systems programmers with a clear and concise definition of z/OS integrity-based code vulnerabilities. – Knowledge necessary for security architects and systems programmers to communicate with their management clearly and concisely the risks associated with any identified z/OS integrity-based code vulnerability. – An understanding of the associated risks and impact that a z/OS integrity-based code vulnerability can have if not mitigated. | Ray Overby (Rocket Software) |
15:15 | 15:30 | Afternoon tea | All |
15:30 | 16:30 | Anyone got an idea? A short look at the IBM ideas website. How to use it and how to promote good ideas. Includes a look at some security ideas that are published. | Lennie Dymoke-Bradshaw (Freelancer) |
16:30 | 17:00 | Mainframe Security Current Status and the Future: Open discussion | All |
17:00 | End of meeting |
Note: Agenda and timings are subject to change.
Future GSE UK Security meetings for your calendar
More details of our schedule, including other events from the GSE UK Region, can be found here: https://www.gse.org.uk/events/