Challenge
A U.S. based client aimed to assess the security of their mainframe systems to address potential vulnerabilities and mitigate risks.
CPT Global’s review focused on the z/OS operating system and its security through the RACF database.
The objective was to identify weaknesses that could potentially be exploited, especially by an insider with high technical knowledge and malicious intent to steal sensitive data or disrupt operations.
CPT Global’s Actions
CPT conducted a comprehensive security review to evaluate the client’s mainframe security posture. Key actions included:
- Assessing the z/OS operating system and RACF database to identify vulnerabilities and potential gaps in security controls.
- Testing for specific risks, such as unauthorized access to system utilities, dataset modification capabilities, and improper system configurations.
- Developing a detailed classification of identified vulnerabilities, prioritizing them based on their risk levels: critical, high, or medium.
- Providing targeted recommendations, from remediating specific vulnerabilities to implementing long-term security improvement plans.
Results
- Identified and prioritized several highly rated vulnerabilities requiring attention, improving overall system security.
- High-risk vulnerabilities were addressed promptly, reducing the threat of data theft or system disruption.
- Delivered recommendations, including a 3-year security improvement plan and ongoing training for security personnel.
- Reinforced the significance of annual third-party reviews to maintain compliance and reflect industry best practices.
CPT Global’s expertise ensured strengthened security and long-term safeguards.
.png)
