After the CISO reviewed a z/Assure® vulnerability assessment executive report, several high-level directives were issued:
- Integrate the mainframe into the Vulnerability and Penetration Testing Methodology
- Train the Penetration Testing team on z/Assure® VAP
• The Penetration Testing team is a global organization from distributed backgrounds, and pays less attention to, or has less appreciation for, the mainframe’s role in IT security.
• Coordination between Operations and the Penetration Testing team. The mainframe data center complexes are spread out globally; system programmers are not located in the same locations as the penetration testing teams.
Find out how two penetration testers have become advocates for mainframe vulnerability management through training. They have taken several z/OS operating system classes, extended the mainframe vulnerability scanning to include exits written in-house, and done much more.
Scans are now integrated into the Quality Assurance Testing Process. All new software, upgrades, and PTFs go through a vulnerability scan prior to migration into production.
They have plans to integrate the vulnerability detail reporting into their executive risk management dashboard.