BMC - Interskill Learning Mainframe Training

[email protected]

The World’s Most Delivered Mainframe Training
Search   Course Catalog  
Return to Catalog Home     Return to Curriculum Listing

Implementing Pervasive Encryption on z/OS – Expert Videos

Duration

1 hour

Overview

This expert video series introduces and discusses the types of z/OS data you should consider encrypting and the levels of encryption available. It begins by looking at full disk encryption, then moving to methods used for encrypting individual disk data sets. Information on encrypting other at-rest data residing on tape and the coupling facility is presented, as well as how unique data such as JES2 spool data sets, and database data can be secured. A look at in-flight data and how that is encrypted is also discussed. Finally, some best practice for determining which data you should encrypt is presented.

Audience

This course is suitable for system programmers and security specialists that need to identify how organizational data on z/OS is secured using pervasive encryption techniques.

Prerequisites

Successful completion of Interskill’s Cryptography course, or equivalent knowledge.

Objectives

After completing this course, the student will be able to:

  • Identify which data can be encrypted in a z/OS environment
  • Describe methods used to encrypt disk, tape, and coupling facility data
  • Explain how in-flight data is encrypted
  • Identify which data within your organization should be encrypted

Course Content

At Rest: Disk and Dataset

Disk Dataset Encryption Options
Physical Disk Encryption Keys
Enabling Disk Encryption
Data Not Protected with Disk Subsystem Encryption

Disk Dataset Encryption

Encrypting Individual Datasets Using z/OS Features
Using Key Labels
Using ICSF to Manage Cryptographic Keys
Assigning a Key Label
Disk Datasets that Cannot be Encrypted

At Rest: Tape and Coupling Facility

Reasons for Tape Encryption
Encryption Through the Tape Library Subsystem
Using Key Labels for Tapes
Encrypting Data in Coupling Facility Cache and List Structures

At Rest: Other Encryption

Encrypting Individual JES2 Spool Datasets
Database Data Encryption Options
Using SQL to Encrypt Specific Database Data
Other Vendor Products Providing Encryption Services

At Rest: Choosing Encryption

IBM Encryption Pyramid
Coverage and Granularity of Encryption

In-Flight

SSL/TLS Network Encryption
Java Secure Socket Extension (JSSE)
Application Transparent Transport Layer Security (AT-TLS)
VPN Using IPSec
OpenSSH
Encrypted SNA Sessions
IBM Z Fibre Channel Endpoint Security

At Rest: Disk and Dataset

Encryption Toolbox
Deciding What Encryption to Use
Identifying Encryption Already Available to Your Organization
Determining the Importance of Your Data

Search our catalog