Administrators under Detective Controls

If you have any responsibility for the delivery of z/OS services then this will be of interest to you. It will discuss the automated detective controls required of those in manager or senior positions in system programming, security, audit or risk management.

Surveys (e.g. http://www.theregister.co.uk/2010/08/19/rogue_workers_survey/) on the negative actions of BPO employees or contractors are often in the newspapers and internet. These highlight that "internal" users or agents represent the biggest threat to an organisation's data and services. We must believe most people are good and in any case an organisation must trust people to function - especially those in administrative roles. What is now generally accepted is that close monitoring of highly authorised administrators and users must be considered normal and not be viewed as a punishment by management or employees.

.