The most dangerous security exploit is the one not yet known or discovered
A half-day, free seminar in
London on Wednesday, 16th May 2007
David Thomas, Fitz Software &
Co. (9.30 a.m. - 10.15 a.m.)
“Protecting data safeguards
client details and corporate reputations”
David had worked in the IT
industry for 30 years travelling extensively around Europe and the
Middle-East. He started in the private sector as a mainframe specialist for
several large natural resource organisations. By 1990 he had moved to the
ISV sector and worked with several large suppliers in supporting database
software, middleware, and TP monitor products. More recently he worked with
large enterprise clients and international consultants in delivering IT
Asset Management and Network Configuration Management. He joined Fitz
Software in 2006 as Products Manager and liaises directly with clients on
their requirements and delivery of solutions.
David will start by giving a
brief overview of the PCI (Payment Card Industry) Data Security
Standards, requirements for compliance and international encryption
certification standards. He will then discuss some unusual security issues
that have arisen within enterprises regarding data security violations
through unauthorised use and misuse. Access procedures, partner
responsibilities and encryption are the key to successfully protecting your
data while at rest and during transmission.
Glennon Bagsby, NewEra
Software, U.S.A.
(10.15 a.m. - 11.00 a.m.)
“Auditing changes and their
impact on z/OS servers”
Glennon has over 30 years'
experience with the IBM Mainframe platform. He has worked in military,
public and private sectors. He joined NewEra Software, Inc. at its
inception in 1989 and now serves the vital role of technical liaison between
the user community and NewEra’s development team. He is a regular speaker at
IBM and SHARE conferences in the USA. He will share some experiences and
discussions from their larger clients that sit on the review board and the
concerns expressed by them in relation to audit requirements for PCI and SOX
compliance.
In the past the MVS (z/OS)
servers were the domain of system programmers and normally only security
issues caught the attention of auditors. PCI and Sarbanes-Oxley have
dramatically changed the external requirements on these primary z/OS servers
and their availability. Glennon will discuss what’s involved in managing the
z/OS systems, the IPL and start-up of a sysplex, images and sub-systems. In
particular, from an audit viewpoint, he’ll explain how to
detect, document, report on and monitor authorized and unauthorized changes
to system datasets.
Martin Dibden, Opsware Inc.
(11.20 a.m. - 12.05 p.m.)
“Networks and PCI compliance
– Continual ongoing audit and protection”
Martin has been working in the IT
industry for over 15 years. He started his career in IBM, working for 9
years in various roles, including the development of the UK Software
business culminating as Client Director for BP. The next 5 years were spent
at BMC working with their largest clients solving the challenge of
enterprise management across distributed and mainframe environments.
Martin’s latest role is at
Opsware, the fastest growing Enterprise Management company worldwide, to
help develop the UK market with this new and exciting technology. Martin
will discuss the Network Automation System and in particular how it has
solved the challenge of compliance (PCI, SOX, ITIL and others) across the
network for some of the world’s most prestigious companies.
Mike FitzGerald, Fitz Software &
Co. (12.05 p.m. - 12.50 p.m.)
"Intrusion detection and
security event notification"
Mike worked in Germany
throughout the 1980s with two major software houses specialising in
migration projects and systems support across multiple platforms. Projects
encompassed all aspects of the computer centre including hardware, OS,
system software, applications software, and personnel. Fitz Software was
formed in 1991 and today has 120+ licensed users across EMEA, with offices
in the UK and Ireland. The company specialises in “IT Asset & Configuration
Management”, “DB Productivity”, and “IT Availability, Monitoring & Audit”.
This discussion will introduce
some key concepts of successful intrusion detection and security event
notification on the mainframe. The detection process needs to ensure the
security team is alerted on threatening events and malicious activity while
also protecting from “Denial of Service” attacks. Payment Card Industry (PCI)
and other data security standards have heightened the bar for immediate
action on alerts, rather than belated reports long after the event, when the
clients’ details have been accessed by unauthorised users.
* Open-Session & Lunch: 12.50 – 2.00 p.m.
Any questions to any of the speakers.
A complimentary light lunch will be served.
* Fitz User Groups: 2.00 – 4.00 p.m.
Updates on products.