Vanguard Security & Compliance 2012
   

Vital Enterprise Security Training from the Network’s Edge to the Mainframe

Vanguard Security & Compliance 2012 provides technical security training for large enterprises that rely on IBM® System z®, to ensure the information security of large datacenters and cloud computing implementations. The program addresses leading security subjects, including cyber security, cloud security, continuous monitoring, advanced security techniques, emerging technologies, security automation, evolving audit compliance standards and current best practices. This year's outstanding program provides 7 educational program tracks, 5 power tracks, 7 full-day workshops, over 100 hours of hands-on labs and more than 90 educational sessions to choose from.


2012 Conference Dates and Times

Conference Registration & Information Desk

Sunday, June 24:

2:00 pm - 8:00 pm

Monday, June 25:

7:00 am - 6:30 pm

Tuesday, June 26: 

7:30 am - 6:00 pm

Wednesday, June 27:

7:30 am - 6:00 pm

Thursday, June 28:

7:30 am - 4:15 pm


Monday 7 Full-Day Workshops

Monday, June 25:
(Morning Session)

9:00 am - 12:00 pm

Monday, June 25:
(Afternoon Session)

1:30 pm - 5:30 pm


Conference

Tuesday, June 26:

7:30 am - 5:45 pm

Wednesday, June 27:

7:30 am - 5:45 pm

Thursday, June 28:      

7:30 am - 4:15 pm

 

Key Dates & Times

Opening Keynote

Monday, June 25:

8:00 am - 9:00 am


Welcome Reception

Monday, June 25:

6:00 pm - 8:00 pm


IBM RACF Requirements Session

Tuesday, June 26:

7:00 am - 7:45 am

Wednesday, June 27:

6:00 pm - 7:00 pm


Roundtable Discussion
(topic to be announced)

Tuesday, June 26:

6:00 pm - 7:00 pm


Vanguard Hospitality & Product Demonstrations

Tuesday, June 26:

7:00 pm - 10:00 pm

Wednesday, June 27:

7:00 pm - 10:00 pm

 

Seven Educational Program Tracks

RACF Basic Administration (RBA)
RACF Basic Administration provides RACF training for security administrators, auditors and systems programmers new to RACF. This track starts with a RACF overview and goes through Group, User, Dataset and General Resource profile administration. Also covered are the RACF System-Wide Options and a topic on RACF Logging and Reporting. Perhaps the most powerful aspect of this track is the hands-on lab that is available to all attendees to reinforce the concepts presented during the breakout sessions. The track is a basic RACF course presented Tuesday morning through Thursday afternoon. All sessions, excluding hands-on labs, must be completed to receive a Certificate of Achievement.

RACF Advanced Administration (RAA)
RACF Advanced Administration provides training for security administrators with a working knowledge of RACF. The topics presented focus on critical z/OS® functions and interfaces with components such as CICS®, DB2®, JES, and SDSF, as well as UNIX System Services. RACF Advanced Administration provides the knowledge necessary to ensure that these critical applications and subsystems are secured by RACF.

Advanced z/OS Security Techniques (AST)
The Advanced z/OS Security Techniques track focuses on the hottest topics necessary for z/OS® "techies" to survive in the rapidly changing world of security. With the number of emerging technical issues addressed in organizations today, many new sessions regarding the latest enhancements to the z/OS Security Server have been added. The IBM® developers who design and write the code will present many of the sessions. If you are a technician, systems programmer, systems analyst or consultant, you won't want to miss these exciting technical classes.

Compliance, Audit, Regulations and Standards (CAR)
Cyber security compliance, audits, standards and regulations impact everyone. Does your company do background checks or drug testing? Do they provide health insurance or medical spending accounts? Do you accept credit card payments? Does your company have accounts payable/accounts receivable? Are you audited by the government? Do federal agencies outsource to you? If you answered "yes" to any of these questions, your company is subject to one or more of the myriad of government regulations.

Information security professionals face numerous challenges to meet FISMA, HIPAA, HITECH, SOX, the Cyber Security Enhancement Act and to pass audits. How do you comply? What do you need to know? Do you need to evaluate and adjust your information security management system (ISMS)? Do you know how to develop proactive techniques to anticipate and/or respond to the impacts of an ever-changing business landscape and evolving customer, technology, legal, and regulatory requirements?

Does your z/OS system meet the minimum required configuration controls? Do you conduct regular z/OS System and RACF audits? Are you a third party provider for a federal agency?

If you answered "yes", you will want to attend the sessions which provide a comprehensive review of the mainframe configuration controls published by NIST and DHS in the NCP (National Checklist Program), and highlight use of standards and configuration controls to support compliance with regulations such as FISMA and HIPAA.

If you answered "yes" to any of the above questions, this track is for you. Learn the numerous security standards and their relevance to all computing environments.

Emerging Technologies & Techniques (ETT)
The Information Security world today is very dynamic, even if you primarily work in a mainframe environment. Smart devices, social networks, virtualization, cloud computing, malware and regulations are just a few areas impacting seasoned security professionals everywhere. Is there ever a chance to sit back and relax? This track is designed to educate you in areas that you have heard about but are new to you, or that you want to become more familiar with.

Vanguard Power Tools for Security
Are you leveraging all the power of your Vanguard software products to save time and money? Make the most of your investment by utilizing them to the "nth" degree. Let Vanguard's professional instructors lead you through the concepts to maximize your time and effort while performing the duties of a RACF security professional and demonstrate the unleveraged powers of each product. If you use any of the Vanguard products, you will find these sessions of particular interest.

CA Security Track (CAS)
This track gives security administrators, auditors and compliance personnel the knowledge they need about the CA Security and Compliance Solutions. Topics include how-to sessions on CA Auditor for z/OS, securing DB2, and leveraging your mainframe security databases in the distributed world, as well as CA Mainframe Chorus for Security and Compliance Management and the latest product updates and roadmap for the CA Mainframe Security Solutions.

 


7 Full-Day Workshops - Monday, June 25th

FD1 Introduction To RACF

Bob Ubert | Vanguard Integrity Professionals
This session provides an overview of RACF. It is designed for those who are new to RACF and are responsible for security administration. Whether your interest is RACF administration, implementation or auditing, this session will lay the foundation you need for the rest of the week. Topics include an overview of RACF components; administering users, groups, and resources; using commands to define profiles; and delegating authority within RACF.

FD2 Implementing z/OS UNIX System Services Protection

John Hilman | Vanguard Integrity Professionals
This session focuses on the security needs of z/OS UNIX System Services (USS). It begins with an overview of UNIX security in general, discussing file permissions, file ownership, and Superuser functions. In addition, you will learn how RACF provides protection for UNIX files and directories. There will also be a discussion on UNIX daemons and servers. Learn how the OMVS segment should be defined in the user and group profiles and look at FACILITY class profiles for USS and UNIXPRIV profiles for Superuser granularity.

FD3 Digital Certificates - From Concept to Implementation

Wai Choi | IBM Corporation
Digital certificates have been widely used to authenticate and authorize secure interactions over the network. This session will first provide the basics of X.509 digital certificates, illustrated through the z/OS RACF RACDCERT command and the z/OS System SSL gskkyman utility. We will discuss how to set up FTP with server authentication and client authentication. We will also explore the more advanced functions of Certificate Name Filtering and Host ID Mapping. PKI Services is another z/OS component providing digital certificate services. It is a complete digital certificate authority. We will introduce the full cycle certificate management provided by PKI Services. A hands-on lab will be provided to customize PKI Services and request and revoke certificates.

FD4 Preparing for an IT Audit of RACF and z/OS

Pat Diya | Acxiom and Edward Glagola Jr.
With the number and sophistication of security threats, it is more important than ever to ensure proper controls are in place to protect the z/OS operating environment. In this full day session, students will learn RACF 'best practices', especially specific settings auditors expect. You'll also learn about areas within z/OS you want to protect. This class will help you to assess and learn ways to improve your company's overall z/OS security posture while also preparing you for what to expect in an audit. Since the z/OS environment does not exist in a vacuum, we will also look at some basic network and support infrastructure issues.

FD5A Cyber Security

(Pending)

FD5B Cloud Security

(Pending)

FD6A Effective Use of Vanguard Advisor™

Jim McNeill | Vanguard Integrity Professionals
If you have used the Vanguard Advisor, then you already know how easy it is to produce reports of your SMF data. However, do you know how to exploit all of the capabilities of the Vanguard Advisor? In this session, you will learn how to use masking and enhanced masking; use exception criteria; sort the columns of a report; easily select which extract file to use; use extract filtering to omit SMF records; switch between the extract file and live SMF data; select the various input source options for batch reports; tailor the report format for your needs; and use SmartLink to jump to the Administrator to edit RACF profiles.

FD6B Effective Use of Vanguard Administrator™

Doug Behrends | Vanguard Integrity Professionals
New to the RACF administration profession? Has your company recently acquired Administrator? Join us for an introduction to the functionality provided in the Vanguard Administrator. In this session, we'll introduce you to the basics of using Administrator and give you a high level overview of the wide variety of additional functions that can make you more efficient and productive in your day to day RACF administrative duties. Learn how Task Oriented Administration can help you perform those everyday processes more efficiently. We'll look at how to use masking and enhanced masking; use exception criteria; sort the columns of a report. This session will give you the basis so that you will get more out of the more advanced topics presented throughout the week.

FD7 The Martial Art of Security, Governance, Risk Management, and Compliance

Andrew Robinson | NMI
In the past few years, much has been made of integrated security, governance, risk management, and compliance, or SGRC for short. The problem with SGRC is that it falls under the category of "grand unified solutions" which are too general to be of practical use. As organizations invest more time and treasure in integrated SGRC, it has become increasingly important to focus the scope of such projects in a way that will yield real benefits to the organization.

I like to compare SGRC to martial arts. In martial arts, there is a huge body of knowledge that is more than anyone can master. Through repeated efforts you can eventually master a subset of this knowledge, and then build on that subset over time.

Part I: Governance
Part II: Risk Management
Part III: Compliance
Part IV: Security
Part V: Integrating SGRC
Part VI: Practices & Standards
Part VII: Effective SGRC program development & maintenance

The learning goals of this session are:
1. Establish working definitions of governance, risk management, and compliance.
2. Understand why security is a separate discipline but mutually supportive of governance, risk management, and compliance.
3. Understand the relationships between security governance, risk management, and compliance.
4. Learn the standards, practices, and ethics of integrated SGRC.
5. Create a focused SGRC program for your organization.
6. Implement and refine your SGRC program.
7. Avoid typical traps of SGRC, including The Technology Trap.

 

Welcome Reception
Monday, June 25th

Don’t miss the special Welcome Reception on Monday, June 25 from 6:00 pm to 8:00 pm. This event will feature live music and entertainment, cocktails, and gourmet appetizers.  It’s the perfect opportunity to network with your peers and other IT security experts from around the industry.

Roundtable Sessions
Tuesday, June 26th:  6:00 - 7:00 pm

Roundtable sessions enable you to connect with a panel of IT security experts and other security professionals that share the same interests or security challenges. These discussions allow you to share ideas, answers, approaches and information on selected topics.

Submit your Roundtable topic(s) to conference@go2vanguard.com

Final topics will be selected pre-conference and posted on the message board at the event.

IBM RACF Requirements Session
Tuesday, June 26th: 7:00 - 7:45 am & Wednesday, June 27th:  6:00 - 7:00 pm

This is your chance to be heard by IBM. The RACF user requirements session conducted at Vanguard Security & Compliance 2012 provides a unique opportunity for attendees to submit their recommendations for enhancements to the IBM® z/OS® Security Server (RACF). During RACF Requirements sessions, IBM developers of RACF will be available to discuss user requirements. The group will vote and prioritize the requirements then formally submit them to IBM for their analysis and official response.

If you would like to see enhancements made to RACF, submit your IBM RACF Requirement(s) to conference@go2vanguard.com or turn it in at the Vanguard Security & Compliance 2012 Registration/Information Desk onsite.

The final schedule for these meetings will be included in the registration packet you receive at the conference.

 

Earn CPE Credits
Earn up to 39 Continuing Professional Education (CPE) credits for program sessions. The number of CPE credits earned may vary by course, and is subject to the rules of the governing body that issues the title you have earned (e.g. (ISC)², ISACA, etc.). Typically attendees earn one CPE credit for every hour of training. Earning CPE credits by attending Vanguard Security & Compliance 2012 enables you to maintain your CISSP®, CISM or CISA certifications. For individual course sessions, a Vanguard Integrity Professionals certificate of completion will be provided upon request.

Earn a Certificate of Completion
After you attend Vanguard Security & Compliance 2012, we provide a certificate of course completion for the full-day Monday workshops. For individual course sessions, a certificate of completion will be provided upon request.