Best IT Documents.com Blog


Sample Word – JCL Conventions

Posted in Compliances (1300),O S (375) by Guest on the January 30th, 2015

Free Word document download

JCL Conventions


Sample – Network UAT Change Policy

Posted in Compliances (1300),Networking (340),Security (1500) by Guest on the January 29th, 2015

Network Services is requiring User Acceptance Testing (UAT) on all high risk/high impact changes and/or changes that will result in a known impact or system degradation. The risk scoring of the change is based on information entered in the change record as well as the Enterprise model used for scoring changes.

The change is to be thoroughly researched as to impact, proper notifications made to the Lines of Business, and testing coordinated.  The intent of the UAT requirement is to ensure that applications and servers impacted by a change validate their applications during the change window by executing tests and checks that the teams deem appropriate to verify that the applications are working as expected.

The name and email address of the line of business tester will be required to be documented in the long-description section of the change record.  For those changes that are on shared devices and that impact multiple lines of business, the project manager or technology project manager will be expected to coordinate the UAT.

The UAT is to be done during the approved change window so that should there be issues, they can be resolved prior to the start of the production day.

Some lines of business will not be able to test during this period due to services/exchanges needed to test not being available.  For these types of situations, the teams can follow their normal process for validating changes and will not be required to submit a waiver accompanied by Lines of Business approvals.

Issues reported outside of the change window will be handled as break-fix subject to normal SLAs for incident restoral.

If the client decides they do not want to provide user acceptance testing, they must provide a UAT waiver email with Lines of Business approval attached to the change record.

Other relevant conditions that apply are outlined below:

  • Vendors in some cases are approved to test on behalf of the lines of business. That is acceptable as long as there is a detailed test plan that covers all features and functionality associated with the device being changed.
  • Low-risk, repeatable changes, although not subject to this requirement, should be validated by the line of business as well.
  • Firewall rule changes are often bundled into one change. It is expected that the Service Request submitter will perform the UAT.
  • Non-prod devices, labs, and lower level development platforms are out of scope.

 


Sample Word – Physical Data Center Local Recovery Considerations

Posted in Policies - Standards (600),Security (1500) by Guest on the January 28th, 2015

Sample Excel – Application Discovery 2

Posted in O S (375),Sample - IT Spreadsheets - PowerPoints (251) by Guest on the January 27th, 2015

Free Excel document download

Application Discovery 2


How to create Unit Managers in Qualys for Remediation Management

Posted in Compliances (1300),Security (1500),Visio Samples - Stencils (457) by Guest on the January 26th, 2015

Background: In order to remediate vulnerabilities found, all assets must have an identified asset owner who will work to either fix the vulnerabilities or route the issue to someone who will. Persons who will remediate assets are called “Unit Managers.” This document outlines how to set up an individual as a Unit Manager. Only Qualys Administrators will be able to perform this setup function.

InfoSec Policy: All external assets that are internet facing, and therefore at a higher risk, must be scanned on a weekly basis. All internal assets that are not exposed to the Internet must be scanned on a monthly basis.

Steps:

Identify Assets, and group into asset groups. Note that there should be separate groups for internal and external facing assets since the scanning schedule. Admins should already be familiar with creating asset groups.

Create or Promote user to Unit Manager Role.

Assign Asset group to Business Unit, or create new Business Unit using the New Business Unit button. Name the Business Unit to include the Unit Manager’s name and the geographic region or asset type, such as US-Eastern or UnixOps, etc. Then assign the asset groups to the Business Unit.

Create a standard Remediation Policy for the Business Unit. Under Tools in the Navigation Pane, click on Remediation Policy and then select New and choose Rule. Name it after the geographic region or asset type. Add the asset groups. Ensure that all levels 4 and 5, including potential vulnerabilities, are checked. Assign the remediation to the Unit Manager. Set the deadline for remediation as 14 days (standard).

Schedule the Scan. Admins should be familiar with scheduling scans. Remember to schedule scans for external assets on a weekly basis, typically on Fridays after business hours on the West Coast. 23:00 hrs PST works fine. Schedule the internal assets to be scanned on a monthly basis, typically earlier in the month, or at a negotiated time that is best for the Unit Manager.

Review the Open Tickets. After the first scan completes, ensure that the Unit Manager received his automated alert about his asset groups being scanned. If so, schedule a meeting to review his scan results, review open tickets and answer any questions he may have about the remediation process. Be sure he knows how to close, ignore or route tickets and to reference Remedy ticket numbers in the comment field.

 


Qualys Business Units

Posted in Compliances (1300),Security (1500) by Guest on the January 25th, 2015

Management and Remediation

Introduction

Per regulatory compliance, the Information Security team conducts periodic vulnerability assessment (VA) scans on all Symantec internal networks. Business units in QualysGuard are used to delegate remediation responsibilities. If you are a business unit manager, please follow these instructions for assistance on managing your business unit.

If you need assistance or guidance on remediation, please refer to “Qualys new user and remediation guidelines” document.

Asset Groups

Business units start with Asset Groups. Asset Groups are logical groupings of networks which belong to your business unit.

Log on to QualysGuard and click “Asset Groups” under Tools. On the right pane, you will see the asset groups which are part of your business unit:

Screen shot here….

Asset groups are owned and managed by IT Security Operations team. For asset group support, please contact Security Operations team: IT – Security Operations.

Vulnerability Scans

Information Security team conducts periodic VA scanning on all asset groups. Current schedule for VA scanning is once a quarter or more.

Prior to quarterly scans, you will receive an IT advance notification email from Operation Global Shield (see example below):

When VA scans start, you may receive several emails from “Qualys Inc.” with the subject “QualysGuard: Scan Results”. These are scan status emails. Look for “Scan Status” line in each email. If Scan Status reads FINISHED, then follow the instructions from “Qualys new user and remediation guidelines” document.

User Accounts

If you would like to delegate remediation responsibilities further to your team members, please contact IT Security Operations (IT – Security Operations) and have them create new user account for your team members.

You can also create new accounts yourself as the business unit manager. In QualysGuard, go to User Accounts under Tools and click New – User…

Screen shot here….

Enter account details as shown below. Double check the email address and make sure user role is: Reader and under asset groups, add asset groups which will belong to the new user:

Screen shot here….

Click Save when done (you may need to scroll all the way down)

If you want to change a user's asset groups later on, you can always edit your business unit users and add/remove asset groups as necessary.

Currently VA scans are managed by Security Operations team. If you want a VA scan run on an asset group in your business unit, please contact Security Operations team: (IT – Security Operations)

For remediation assistance, please refer to the “Qualys new user and remediation guidelines” document.

 


Sample Visio – Server Refresh Flows

Posted in O S (375),Visio Samples - Stencils (457) by Guest on the January 24th, 2015

Free Visio document downloads

Server Refresh Flows


Documentation in JCL

Posted in Compliances (1300),O S (375) by Guest on the January 23rd, 2015

• There should be a narrative at the beginning of each JCL member containing the following:
o A detailed description explaining the processing
o The project number, date written and author.
o A list of all inputs and outputs used. This should include files, databases, report names, etc.
o For procedures (procs), what JCL member submits the procedure.
 
• There should always be a change log and an entry in that log for each significant change made to any JCL containing the following:
o A detailed description explaining the processing.
o The project number, date written and author.
 
• The change log and list of inputs/outputs should be updated with each change implemented to production.
 
• There should be a comment box above each step containing the following:
o A brief description explaining the processing for that step
o Restart instructions with the following format:
//****************************************************************
//*  RESTART INSTRUCTIONS                                       **
//*  IF JOB ABENDS IN STEP0010 ADD THE FOLLOWING PARAMETER      **
//*  TO THE JOB CARD:                                           **
//*  RESTART=JOBXXXXX.STEP0010                                  **
//*  AND RESUBMIT THE JOB.                                      **
//****************************************************************
•   The RESTART parameter must specify the name of the step which has the EXEC PGM=xxxx.
•   If EXEC PGM=xxxx exists in the JCL, the restart parameter will only contain the JCL step name.
•   If EXEC PGM=xxxx exists in a PROC executed by a JCL member, the restart parameter will contain the JCL step name followed by the PROC step name.
•   If EXEC PGM=xxxx exists in a PROC A which is executed by PROC B, the restart parameter will contain PROC B step name followed by PROC A step name.
 
• Examples of restart instructions:
Restart            Description
jclstep            Restart JCL step from Job
jclstep.procstep   Restart step from a procedure
jclstep.SAS        Restart JCL step from Job executing SAS procedure

File Considerations
• DISP=SHR should be used for all files being read.  This allows multiple jobs/users to access the data.
• DISP=OLD should only be used for files being updated.  The data set will be unavailable for all other jobs/users.
• DISP=MOD should not be used.  Restarting jobs with DISP=MOD and ensuring data integrity is very difficult.
• Work data sets are cataloged data sets used by only one job.  They are used in place of temporary data sets (&&dsname).  They are to be deleted and re-allocated for each job.
• Work data sets are deleted either at the beginning of the job, or at the end of the job.
 
• A SECURITY step should be used to copy sequential files. 
o An unlimited number of input files and output files can be copied in one SECURITY step. 
o Generic control cards should be used for the SYSIN of SECURITY steps. 
o The syntax for a SECURITY step is as follows:
//STEP0010 EXEC PGM=SECURITY
//STEPLIB  DD DSN=D.SYSPROGS,DISP=SHR
//SYSPRINT DD SYSOUT=(,),OUTPUT=*.RMDSJCL
//INPUT01  DD …
//OUTPUT01 DD …
//SYSIN    DD DSN=B79.D953.HP%GIOxxyy..CONTROL.CARDS(GIOxxyy),DISP=SHR

• An IDCAMS step should be used to copy VSAM files.
o An unlimited number of input files and output files can be copied in one IDCAMS step.
o Generic control cards should be used for the SYSIN of IDCAMS steps.
o The syntax for an IDCAMS step is as follows:
//STEP0010 EXEC PGM=IDCAMS
//SYSPRINT DD SYSOUT=(,),OUTPUT=*.RMDSJCL
//INFILE01 DD …
//OUTFIL01 DD …
//SYSIN DD DSN=B79.D953.HP%GRPxxyy..CONTROL.CARDS(GRPxxyy),DISP=SHR
 
• Data sets whose data needs to be accessed from two centers need to be analyzed to determine if the file should be a tape file cataloged at both centers, or a disk file equalized between two centers when updated.  Option S.7.1 on TSO can help with the decision by showing the cost of each storage device.
• Temporary data sets (&&dsname) should not be used.  Temporary data sets generally make a job non-restartable.
• Alternative:  Use work data sets instead.
• See also Tape File Considerations.
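
The restart comment-box and file conventions above can be checked mechanically before a member is promoted. The following Python check is an added example, not part of the original post; the function name lint_jcl, the rule labels and the sample member are constructed for illustration, and only the first two restart-naming cases (PGM= in the JCL, or a PROC called from the JCL) are covered.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "line step rule detail")  # rule labels are invented here

STMT = re.compile(r"^//(\S*)\s+(\S+)\s*(.*)$")       # name, operation, operands
DISP_MOD = re.compile(r"\bDISP=\(?MOD\b")            # DISP=MOD or DISP=(MOD,...)
TEMP_DSN = re.compile(r"\bDSN(?:AME)?=(&&\w+)")      # temporary data set
RESTART = re.compile(r"\bRESTART=([A-Z0-9$#@.]+)")   # value quoted in the comment box

def lint_jcl(text):
    """Return convention findings for one JCL member, in line order."""
    findings = []
    step = "(job)"
    box_seen = False                      # comment box seen since the last EXEC
    restart_value = None                  # RESTART= value quoted in that box
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw[:71].rstrip()          # columns 72-80 carry no operand text
        if line.startswith("//*"):        # comment statement
            upper = line.upper()
            if "RESTART INSTRUCTIONS" in upper:
                box_seen = True
            m = RESTART.search(upper)
            if m and box_seen:
                restart_value = m.group(1)
            continue
        m = STMT.match(line)
        if not m:                         # in-stream data, delimiter, null statement
            continue
        name, op, operands = m.groups()
        if name and op == "EXEC":
            step = name
            if not box_seen:
                findings.append(Finding(no, step, "NO-RESTART-BOX", "no box above step"))
            elif restart_value is not None:
                # PGM= coded in the JCL: step name only. PROC: jclstep.procstep.
                if operands.upper().startswith("PGM="):
                    ok = restart_value == step
                else:
                    ok = restart_value.startswith(step + ".")
                if not ok:
                    findings.append(Finding(no, step, "RESTART-NAME", restart_value))
            box_seen, restart_value = False, None
        if DISP_MOD.search(line):
            findings.append(Finding(no, step, "DISP-MOD", "DISP=MOD should not be used"))
        temp = TEMP_DSN.search(line)
        if temp:
            findings.append(Finding(no, step, "TEMP-DSN", temp.group(1)))
    return findings

# Constructed sample member; the comment boxes are shortened to two lines each.
SAMPLE_JCL = """\
//JOBXXXXX JOB (ACCT),'DAILY LOAD',CLASS=A
//*  RESTART INSTRUCTIONS
//*  IF JOB ABENDS IN STEP0010 ADD RESTART=STEP0010 TO THE JOB CARD
//STEP0010 EXEC PGM=IDCAMS
//INFILE01 DD DSN=PROD.CUST.MASTER,DISP=SHR
//OUTFIL01 DD DSN=PROD.CUST.WORK,DISP=OLD
//STEP0020 EXEC PGM=LOADPGM
//INPUT01  DD DSN=&&TEMP1,DISP=(OLD,DELETE)
//OUTPUT01 DD DSN=PROD.CUST.HIST,
//            DISP=(MOD,CATLG)
//*  RESTART INSTRUCTIONS
//*  IF JOB ABENDS IN STEP0030 ADD RESTART=STEP0030 TO THE JOB CARD
//STEP0030 EXEC PROC=RPTPROC
"""

if __name__ == "__main__":
    for f in lint_jcl(SAMPLE_JCL):
        print(f"{f.line:>3} {f.step:<9} {f.rule:<15} {f.detail}")
```

On the sample, STEP0020 is flagged three times (no restart box, a temporary data set, DISP=MOD on a continuation line) and STEP0030 once, because a step that executes a PROC needs the jclstep.procstep form.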

GDG Considerations
• GDGs should be defined through TSO option S.8.

• The number of generations of a GDG should be altered through TSO option S.8.

• GDG bases can be deleted through IDCAMS.  The SYSIN should have the following format:
DELETE gdg data set name GENERATIONDATAGROUP

• The following TSO command can be used to view information about a GDG:
LISTCAT ENTRIES ('gdg data set name') ALL

• New generations of GDGs should be created in the very last step of the JOB.  This is to make JOBs more easily restartable.
o Alternative:  Write the data to a work data set.

• GDG generation numbers are updated when the JOB completes.

• Restart instructions need to be considered for new generations of GDGs created before the last step of the JOB.

• In procedures, the generation number should be a symbolic parameter for each new generation of a GDG created before the last step of the JOB.
 
IMS Considerations
 
• IMS BMPs should never contain database DD cards.
• Use ‘DFSVSAMP DD DSN=IMS20.PROCLIB(DFSVSM00)’ for generic.
• BMP steps require all files to be pre-allocated.
• PSB names should match program names.
 
 
Inter-Center Equalization
 
• Disk Sequential file
• Disk Partitioned Data Sets 
• Tape Files (see Tape File Considerations)
 
Warning:  Disk files have a limit as to the number of records that can be equalized.  Files with 300,000 or more records have the chance of being canceled by computer operations.
 
Recommendation when equalizing a tape catalog:

If tape GDG’s are utilized during the equalization process, the need to delete the tape file on the receiving center is eliminated.

See Tape File Considerations and GDG Considerations for more information.
 
 
Note: 
SYSPRINT from the receiving job will always print.  To send SYSPRINT to RMDS would require  to maintain a copies


Sample Excel – PIX Firewall Peer Review Log

Posted in Firewalls (75),Sample - IT Spreadsheets - PowerPoints (251) by Guest on the January 22nd, 2015

Free Excel document download

PIX Firewall Peer Review Log

 


Sample Excel – SEIM – Bluecoat SNMP monitoring

Posted in Sample - IT Spreadsheets - PowerPoints (251) by Guest on the January 21st, 2015

Free Excel document download

SEIM – Bluecoat SNMP monitoring


Sample Excel – Sample Hardware Inventory Tracking 2

Posted in O S (375),Sample - IT Spreadsheets - PowerPoints (251) by Guest on the January 20th, 2015

Free Excel document download

Sample Hardware Inventories


JCL Coding Examples

Posted in Compliances (1300),O S (375) by Guest on the January 19th, 2015

Coding examples for “DISP=SHR” or “DISP=OLD” for all datasets (any label).

//{yourdd} DD DSN={your.dataset.name},
//            DISP={SHR|OLD}

Unit affinity example: 

//{yourdd1} DD DSN={your.dataset.name1},DISP={SHR|OLD}
//{yourdd2} DD DSN={your.dataset.name2},DISP={SHR|OLD},UNIT=AFF={yourdd1}
//{yourdd3} DD DSN={your.dataset.name3},DISP={SHR|OLD},UNIT=AFF={yourdd2}

Unit affinity example (concatenation):

//{yourdd1} DD DSN={your.dataset.name1},DISP={SHR|OLD}
//          DD DSN={your.dataset.name2},DISP={SHR|OLD},UNIT=AFF={yourdd1}
//          DD DSN={your.dataset.name3},DISP={SHR|OLD},UNIT=AFF={yourdd1}

Coding example for VSAM “DISP=NEW”:

The CISIZE for your dataset will be calculated by the system to give you optimal DASD utilization which may not be the best CISIZE for performance. For this reason we do not recommend this allocation method for online databases.

//{yourdd} DD DSN={your.cluster.name},
//            DISP=(NEW,CATLG),
//            SPACE={(reclgth,(primqty,secqty))},AVGREC={U|K|M},
//            LRECL={nnnnn},
//            RECORG={KS|ES|RR|LS},
//***         if recorg=ks then you must include: KEYLEN={nnn},KEYOFF={nnnnn},
//            UNIT=DISK,
//            MGMTCLAS={bestmgmt},
//            VOL=SER={genvol}
//***        one of the following may be used for space and attribute info:
//            DATACLAS={bestdata}

Coding example for non-VSAM and non-ISAM with “DISP=NEW”:

//{yourdd} DD DSN={your.dataset.name},
//            DISP=(NEW,CATLG),
//            SPACE={(reclgth,(primqty,secqty{,dirqty}))},AVGREC={U|K|M},
//            LRECL={nnnnn},
//            RECFM={aaa},
//            DSORG={aaa},
//            UNIT={DISK|TAPE},
//            MGMTCLAS={bestmgmt},
//***         if unit=tape and label>1 then must code: LABEL={nnnn},
//***                                                : VOL=REF={prev-label-dd},
//***         one of the following may be used for space and attribute info:
//***         DATACLAS={bestdata}


Sample Excel – SNMP Fireeye MIB

Posted in Networking (340),Sample - IT Spreadsheets - PowerPoints (251) by Guest on the January 18th, 2015

Free Excel document download

SNMP Fireeye MIB


Sample Word – Employee Member Agreement Receipt

Posted in Compliances (1300),O S (375) by Guest on the January 17th, 2015

Free Word document download

Employee Member Agreement Receipt


Sample Word – JCL Coding Recommendations

Posted in Compliances (1300),O S (375) by Guest on the January 16th, 2015

Free Word document download

JCL Coding Recommendations


Sample Word – MVS / Quick Reference Guide

Posted in Compliances (1300),O S (375) by Guest on the January 15th, 2015

Free Word document download

MVS / Quick Reference Guide


Sample Word – DBMS Data Security Standard

Posted in Compliances (1300),Security (1500) by Guest on the January 14th, 2015

Free Word document download

DBMS Data Security Standard


Sample Word – Courion to Remedy Functional Interface Requirements

Posted in Information Rights Management (100),Security (1500) by Guest on the January 13th, 2015

Sample Word – IdM Curion Professional Services Design Document

Posted in Compliances (1300),Information Rights Management (100),Security (1500) by Guest on the January 12th, 2015

Sample Word document download

IdM Curion Professional Services Design Document

 


Sample Excel – Part2 Application Load Balancing Profile

Free Excel document download

Part2 Application Load Balancing Profile

 


Sample Excel – DNS Change Form

Free Excel document download

 DNS Change Form

 


Major aspects of Information Protection Requirements

There are a number of other potential resources providing additional direction.

Overview

  1. Data Protection Begins with You
  2. Data Security Classifications
  3. Securing Your Work Area and Connection
  4. Securing Information in a Mobile Environment
  5. Electronic Communications and Mail
  6. Social Engineering
  7. Social Media
  8. Reporting Security Incidents

 http://bestitdocuments.com/Services.html

 


Sample Visio – Simple New Hire Steps

Posted in Policies - Standards (600),Visio Samples - Stencils (457) by Guest on the January 7th, 2015

Corporate Security – Awareness

Posted in Compliances (1300),Security (1500) by Guest on the January 6th, 2015

To protect customers and clients, this overview provides you with the direction you need when it comes to protecting information.

These are the basics of the Global Information Security Standards and Policies, and the Enterprise Electronic Communications and Social Media Policies for Corporate, which include:

  • Identifying the purpose of information protection for Corporate and customers.
  • Identifying the use and purpose of data security classifications.
  • Identifying the components of a strong password.
  • Identifying how to access, store and destroy data properly.
  • Identifying the appropriate security management of electronic communications.
  • Recognizing the signs and reporting incidents of social engineering practices.
  • Identifying appropriate practices in social media relating to your role with Corporate.
  • Identifying and reporting a security incident.

http://bestitdocuments.com/Services.html

 


Virtualization Overview Simplified

Posted in O S (375),Virtual - VMWare (30) by Guest on the January 5th, 2015

Virtualization is the process of abstracting computing resources

  • Multiple operating systems and application images share same physical server
    • Benefits include:
    • Cost of ownership
      • Hardware
      • Licensing
      • Power
      • Cooling
      • Space
    • Functionality
      • High Availability
      • Resource Management
      • Cloning
      • Migration