The Leading Educational Resource for IT Professionals

Book Review: IBM i Security Administration and Compliance, Second Edition



If you have only one book for security administration and compliance on the IBM i, this is the one you should have.


Reviewed by Patrick Botz


IBM i Security Administration and Compliance, Second Edition, the latest version of Carol Woodbury’s well-known IBM i security reference, starts with Carol laying out her goals for the book, which are to provide the reader with choices, practical implementation examples, insight into the appropriate security scheme for your organization, and time-saving tips. I think she hits the ball out of the park. Not only does the book provide valuable technical information, it also introduces the reader to fundamental concepts of information security management.


Every step of the security management process, from defining security policies through security audits and each step in between, is addressed. Security management needs to start with a definition of policies and, appropriately enough, the second chapter covers this topic.


The rest of the first half of the book describes each of the basic tools for administering security provided by the operating system. This will be useful to those who are new to the security administration job or who just need a reference guide. These sections of the book are full of advice for how to use the various options. They discuss in detail system-level security, user profiles, object-level security, IFS access control considerations, service tools, mechanisms for securing connectivity to and from the system, encryption, and more.


The second half of the book discusses ways that administrators can apply these tools (separately and together) to address real-world situations and problems. Carol provides numerous examples, options, and recommendations for many of the problems security administrators encounter in their day-to-day working life. This half of the book addresses implementing object-level security and role-based access control, analyzing application security and Internet security, achieving and maintaining compliance, and planning your organization’s response to a security incident—before you have to use it.


This is a great book for those who are just starting to learn about IBM i security management and those who face new compliance challenges. The book touches on every important aspect of these topics and presents them in a very readable, understandable format. It also provides examples, alternatives, and suggestions for a multitude of scenarios.


For those who are “old hands” at security administration on the IBM i, this book makes a great reference guide. There is so much to know about security administration. Nobody can know or remember it all. I even find myself going to the IBM Security Reference manual and then going to this book for a more practical description of some of the less often-used tools and options. If you have only one book for security administration and compliance on the IBM i, this is the one you should have.


Want more information about IBM i Security Administration and Compliance, Second Edition? Download sample book content here: (Click the “Look Inside the Book” tab.)


Also in Book Reviews

Book Review: Extract, Transform, and Load with SSIS


This book could easily be used as a teaching tool for students, interns, or even as a reliable resource for experienced SSIS developers to consult when they need an ETL refresher.

Continue Reading →

Book Review: 21st Century RPG: /Free, ILE, and MVC


Dave touches all the important buttons, and you’ll learn a lot with this book—even if you’re stuck in the 1980s RPG III world!

Continue Reading →

Book Review: Developing Business Applications for the Web--With HTML, CSS, JSP, PHP, ASP.NET, and JavaScript


The book breaks down the topic of business Web application development into three main sections. The first section covers static Web pages and the techniques used to develop these pages. The second section covers four popular programming languages in use today: JavaScript, PHP, ASP.NET, and JavaServer Pages (JSP). The third section covers topics that a Web developer needs to understand to develop successful Web applications.

Continue Reading →