Duration
1 hour
Overview
This expert video series introduces and discusses the types of z/OS data you should consider encrypting and the levels of encryption available. It begins by looking at full disk encryption, then moves to methods used for encrypting individual disk data sets. It then covers encrypting other at-rest data residing on tape and in the coupling facility, as well as how unique data such as JES2 spool data sets and database data can be secured. In-flight data and how it is encrypted are also discussed. Finally, some best practices for determining which data you should encrypt are presented.
Audience
This course is suitable for system programmers and security specialists who need to identify how organizational data on z/OS is secured using pervasive encryption techniques.
Prerequisites
Successful completion of Interskill’s Cryptography course, or equivalent knowledge.
Objectives
After completing this course, the student will be able to:
- Identify which data can be encrypted in a z/OS environment
- Describe methods used to encrypt disk, tape, and coupling facility data
- Explain how in-flight data is encrypted
- Identify which data within your organization should be encrypted
Course Content
At Rest: Disk and Dataset
Disk Dataset Encryption Options
Physical Disk Encryption Keys
Enabling Disk Encryption
Data Not Protected with Disk Subsystem Encryption
Disk Dataset Encryption
Encrypting Individual Datasets Using z/OS Features
Using Key Labels
Using ICSF to Manage Cryptographic Keys
Assigning a Key Label
Disk Datasets that Cannot be Encrypted
At Rest: Tape and Coupling Facility
Reasons for Tape Encryption
Encryption Through the Tape Library Subsystem
Using Key Labels for Tapes
Encrypting Data in Coupling Facility Cache and List Structures
At Rest: Other Encryption
Encrypting Individual JES2 Spool Datasets
Database Data Encryption Options
Using SQL to Encrypt Specific Database Data
Other Vendor Products Providing Encryption Services
At Rest: Choosing Encryption
IBM Encryption Pyramid
Coverage and Granularity of Encryption
In-Flight
SSL/TLS Network Encryption
Java Secure Socket Extension (JSSE)
Application Transparent Transport Layer Security (AT-TLS)
VPN Using IPSec
OpenSSH
Encrypted SNA Sessions
IBM Z Fibre Channel Endpoint Security
At Rest: Disk and Dataset
Encryption Toolbox
Deciding What Encryption to Use
Identifying Encryption Already Available to Your Organization
Determining the Importance of Your Data