Session title: An Audit A Day Keeps the Lawyers at Bay!
Session abstract: Audit and Compliance is one of the big challenges companies are facing these days. With GDPR and a bunch of other laws either in force or “coming soon to an auditor near you” it is time to bite the bullet and start working with the auditor not against. This presentation shows how you can answer Who did What When ‐ whenever needed.
GDPR, GLB HIPAA PCI-DSS Basel III Sarbanes-Oxley CA SB1386 Federal Information Security Management Act “Red Flag” Rules (FRCA)5 are facing us with serious requirements to protect the data we’re hosting and to be able to report on a variety of criteria the Auditors may ask for. There’s different ways and tools that promise to be able to do it, but what can they really do and what are the associated costs? This presentation introduces Db2 technology exploitation that delivers DML, DDL, DCL activity in a Db2 environment along with identification details. This presentation helps you understanding the way Auditors look at Db2 and what they need to do their daily work. Learn how you can satisfy your Auditors needs, by interfacing with a SIEM system, like QRadar, Splunk, AlienVault, et al, combining the Db2 information with RACF, SMF and Master Log data.
Speaker biography: Roy Boxwell has more than 31 years of experience in MVS, OS/390, and z/OS environments – 29 of those in Db2. He specializes in installation, migration, and performance monitoring and tuning. Roy leads the SEG development team of SEGUS responsible for the real-time database maintenance solutions. He is also an active participant, speaker and contributor on the IDUG Db2 Listserv and sends out a monthly Db2 z/OS Newsletter.