> > > TK242G Detailed outline

IBM Security zSecure RACF and SMF Auditing (TK242G)

Course Description Schedule Course Outline

Detailed Course Outline

Unit 1: Introduction to RACF auditing

  • List the RACF resources that need to be audited
  • Generate and interpret an audit concerns report
  • Identify all the profiles owned by a particular user
  • Identify the users authorized to maintain RACF application segments

Unit 2: Audit users and passwords

  • Generate and interpret user reports
  • Identify last logon and password aging
  • Identify users with system-wide authorities
  • Identify users with group specific authorities
  • Generate a report of trusted users

Unit 3: Audit resources

  • Identify sensitive profiles and the users who can modify them
  • Identify users who can create profiles of various types
  • Audit started tasks and programs

Unit 4: Audit subsystems

  • Generate audit reports about CICS regions, transactions, and programs
  • Generate audit reports about IMS regions, transactions, and program specification blocks
  • Generate audit report about DB2 region

Unit 5: Generate SMF audit reports

  • Explain the concepts of SMF auditing
  • Report which events are logged in SMF
  • Select events logged in SMF using ISPF interface
  • Report SMF events with predefined reports
  • Create customized SMF reports

Unit 6: Access Monitor and RACF Offline

  • Explain the Access Monitor functions and reports
  • Generate access summary overview reports
  • Compare historic access events against current RACF database definitions
  • Analyze permit, connect, profile, member, and global access entry usage
  • Remove unused profiles and authorizations
  • Use the RACF Offline component combined with Access Monitor

Unit 7: Library Analysis

  • Track changes that occur in z/OS system sensitive libraries