Skip to main content

Challenge 

A U.S. based client aimed to assess the security of their mainframe systems to address potential vulnerabilities and mitigate risks.​​

CPT Global’s review focused on the z/OS operating system and its security through the RACF database.​​

The objective was to identify weaknesses that could potentially be exploited, especially by an insider with high technical knowledge and malicious intent to steal sensitive data or disrupt operations.​ 

CPT Global’s Actions 

CPT conducted a comprehensive security review to evaluate the client’s mainframe security posture. Key actions included:​​

  • Assessing the z/OS operating system and RACF database to identify vulnerabilities and potential gaps in security controls.​
  • Testing for specific risks, such as unauthorized access to system utilities, dataset modification capabilities, and improper system configurations.​
  • Developing a detailed classification of identified vulnerabilities, prioritizing them based on their risk levels: critical, high, or medium.​
  • Providing targeted recommendations, from remediating specific vulnerabilities to implementing long-term security improvement plans.​ 

Results 

  • Identified and prioritized several highly rated vulnerabilities requiring attention, improving overall system security.​
  • High-risk vulnerabilities were addressed promptly, reducing the threat of data theft or system disruption.​
  • Delivered recommendations, including a 3-year security improvement plan and ongoing training for security personnel.​
  • Reinforced the significance of annual third-party reviews to maintain compliance and reflect industry best practices.​

CPT Global’s expertise ensured strengthened security and long-term safeguards.

CPT Global
Post by CPT Global
Feb 3, 2025 9:00:00 AM