{"id":1685,"date":"2023-03-07T11:40:42","date_gmt":"2023-03-07T10:40:42","guid":{"rendered":"https:\/\/www.armonie.group\/how-to-choose-your-ibm-i-cybersecurity-consultant\/"},"modified":"2023-09-14T16:19:50","modified_gmt":"2023-09-14T14:19:50","slug":"how-to-choose-your-ibm-i-cybersecurity-consultant","status":"publish","type":"post","link":"https:\/\/www.armonie.group\/en\/how-to-choose-your-ibm-i-cybersecurity-consultant\/","title":{"rendered":"How to choose your IBM i cybersecurity consultant"},"content":{"rendered":"[et_pb_section fb_built=”1″ _builder_version=”4.14.8″ background_color=”#0c8dc9″ global_colors_info=”{}”][et_pb_row _builder_version=”3.25″ background_size=”initial” background_position=”top_left” background_repeat=”repeat” global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”3.25″ custom_padding=”|||” global_colors_info=”{}” custom_padding__hover=”|||”][et_pb_text _builder_version=”4.14.8″ text_font_size=”20px” header_font=”Poppins|700|||||||” header_text_align=”center” header_text_color=”#FFFFFF” header_font_size=”43px” header_2_font=”Poppins||||||||” header_2_text_align=”center” header_2_text_color=”#01013A” background_color=”RGBA(255,255,255,0)” background_size=”initial” background_position=”top_left” background_repeat=”repeat” custom_margin=”||-16px||false|false” custom_padding=”30px|30px||30px|false|false” global_colors_info=”{}”]

ID-INFO blog<\/b><\/h2>\n

<\/strong><\/p>[\/et_pb_text][et_pb_text _builder_version=”4.14.8″ text_font_size=”20px” header_font=”Poppins|700|||||||” header_text_align=”center” header_text_color=”#FFFFFF” header_font_size=”43px” background_color=”RGBA(255,255,255,0)” background_size=”initial” background_position=”top_left” background_repeat=”repeat” custom_padding=”30px|30px|30px|30px|false|false” global_colors_info=”{}”]

How to choose your
IBM i security consultant?<\/h1>\n

<\/strong><\/p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section][et_pb_section fb_built=”1″ _builder_version=”3.22″ global_colors_info=”{}”][et_pb_row column_structure=”1_2,1_2″ _builder_version=”4.14.8″ _module_preset=”default” global_colors_info=”{}”][et_pb_column type=”1_2″ _builder_version=”4.14.8″ _module_preset=”default” global_colors_info=”{}”][et_pb_text _builder_version=”4.14.8″ text_text_color=”#000000″ text_font_size=”13px” text_line_height=”1.4em” background_color=”rgba(13,189,224,0.39)” background_size=”initial” background_position=”top_left” background_repeat=”repeat” custom_padding=”30px|30px|30px|30px|false|false” global_colors_info=”{}”]

<\/span><\/i><\/p>\n

<\/span><\/i><\/p>\n

<\/span><\/i><\/p>\n

Despite all the security advantages that an AS\/400 can offer, current attacks are forcing their owners to implement best practices for their organization: at stake is their ability to ensure continuous production, as well as the various legal risks associated with the possible loss of data. <\/span><\/i><\/p>\n

Bob Losey explains the point of view of Bruce Bading, IBM i security expert.<\/span><\/i><\/p>\n

<\/span><\/i><\/p>\n

With kind permission of Bob Losay. Jan. 2023<\/span><\/i><\/p>\n

<\/span><\/i><\/p>\n

<\/span><\/i><\/p>\n

<\/p>[\/et_pb_text][\/et_pb_column][et_pb_column type=”1_2″ _builder_version=”4.14.8″ _module_preset=”default” global_colors_info=”{}”][et_pb_image src=”https:\/\/www.armonie.group\/wp-content\/uploads\/2022\/12\/img_art_ibmi_failles_securite.jpg” title_text=”Man programming on a computer, office background” _builder_version=”4.14.8″ _module_preset=”default” filter_saturate=”0%” filter_sepia=”15%” global_colors_info=”{}”][\/et_pb_image][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=”2_3,1_3″ _builder_version=”4.14.8″ background_size=”initial” background_position=”top_left” background_repeat=”repeat” global_colors_info=”{}”][et_pb_column type=”2_3″ _builder_version=”3.25″ custom_padding=”|||” global_colors_info=”{}” custom_padding__hover=”|||”][et_pb_text _builder_version=”4.14.8″ _module_preset=”default” text_text_color=”#000000″ header_2_font=”Poppins||||||||” header_2_text_color=”#000000″ header_3_font=”Poppins|300|||||||” header_3_text_color=”#000000″ global_colors_info=”{}”]

IBM i cybersecurity is one of the top priorities of the IBM users I talk to. I’m fortunate to have worked with Bruce Bading, a true IBM i security expert. With her permission, this is a modified reprint of another publication I wish to share. <\/b><\/p>\n

There are many options when it comes to cybersecurity consultants or managed security service providers. One way of assessing your choices is to ask what security best practices the consultant (or his company) recommends for setting up cyber defenses. Some best practices are driven by massive organizational teams or company results. However, there is another way to develop security guidelines by leveraging CIS controls and benchmarks through membership of CIS SecureSuite.<\/strong><\/p>\n

CIS Controls and CIS Benchmarks are security best practices that pave the way for improved defenses through a unique community consensus process. Working with many of the world’s security professionals, CIS develops global security guidance (CIS Controls) and technology-specific reinforcement configurations (CIS Benchmarks).<\/strong><\/p>\n

Let’s take a look at how Bruce Bading, President of BFB Consulting, uses his CIS SecureSuite membership to strengthen his customers’ cybersecurity. BFB Consulting provides cyber defense services to help organizations improve their cyber policies, compliance requirements and procedures.<\/strong><\/p>\n

 <\/p>\n

Implementing fundamental safety<\/h2>\n

With over 40 years’ experience in cybersecurity and regulatory compliance, Mr. Bading has seen the growth and development of various best practices. From his time as CFO of a major industrial company to his years of experience at IBM as a senior cybersecurity consultant, he has learned to leverage the resources of CIS SecureSuite. It relies on CIS Controls, CIS RAM (risk assessment method) and CIS Benchmarks to help customers operationalize fundamental safety. Mr Bading uses CIS-CAT Pro, a configuration assessment tool, to show his customers the security gaps in their configurations: “<\/span>CIS-CAT Pro is a really solid foundation on which you can address any customer and show them. Look, here’s what the Center for Internet Security tells us you need to do to lock down your systems. You can read what Tony Sager says – stop chasing the shiny stuff and get back to basics.<\/span><\/i>“.<\/span><\/p>\n

Bading has seen first-hand how some customers fall into the “glitter syndrome” and chase claims of technical greatness while ignoring basic best practice. “<\/span>\n We need to get back to fundamental safety<\/span>\n<\/i>“he insists. Part of this fundamental security includes implementing best practices such as CIS benchmarks and assessing compliance and adherence. Customers should ask whether consultants are members of CIS SecureSuite. If this is the case, they can ask to see their own CIS-CAT Pro results to identify any security gaps in the configuration. The consultant’s expertise can then help fill these gaps and address any remaining cybersecurity concerns.<\/span><\/span>

<\/p>\n

<\/span><\/span><\/p>\n

Safety in hybrid environments<\/h2>\n

Bading’s customers operate in hybrid environments, i.e. on both on-premise and cloud infrastructures. The important thing, says Bading, is to identify the criticality and confidentiality of each data element. It recommends that private information such as personally identifiable information (PII) or other confidential data be stored in a private cloud. For public data, a public cloud is sufficient. Secondly, it’s essential that organizations harden cloud environments, wherever they’re hosted. CIS provides security best practices for securely configuring cloud accounts and services on three of the leading providers:<\/span><\/p>\n