The Leading Educational Resource for IT Professionals

Book Review: IBM i Security Administration and Compliance, Second Edition


IBM i Security Administration and Compliance, Second EditionIBM i Security Administration and Compliance, Second Edition, the latest version of Carol Woodbury’s well-known IBM i security reference, starts with Carol laying out her goals for the book, which are to provide the reader with choices, practical implementation examples, insight into the appropriate security scheme for your organization, and time-saving tips. I think she hits the ball out of the park. Not only does the book provide valuable technical information, it also introduces the reader to fundamental concepts of information security management.


Every step of the security management process, from defining security policies through security audits and each step in between, is addressed. Security management needs to start with a definition of policies and, appropriately enough, the second chapter covers this topic.


The rest of the first half of the book describes each of the basic tools for administering security provided by the operating system. This will be useful to those who are new to the security administration job or who just need a reference guide. These sections of the book are full of advice for how to use the various options. They discuss in detail system-level security, user profiles, object-level security, IFS access control considerations, service tools, mechanisms for securing connectivity to and from the system, encryption, and more.


The second half of the book discusses ways that administrators can apply these tools (separately and together) to address real-world situations and problems. Carol provides numerous examples, options, and recommendations for many of the problems security administrators encounter in their day-to-day working life. This half of the book addresses implementing object-level security and role-based access control, analyzing application security and Internet security, achieving and maintaining compliance, and planning your organization’s response to a security incident—before you have to use it.


This is a great book for those who are just starting to learn about IBM i security management and those who face new compliance challenges. The book touches on every important aspect of these topics and presents them in a very readable, understandable format. It also provides examples, alternatives, and suggestions for a multitude of scenarios.


For those who are “old hands” at security administration on the IBM i, this book makes a great reference guide. There is so much to know about security administration. Nobody can know or remember it all. I even find myself going to the IBM Security Reference manual and then going to this book for a more practical description of some of the less often-used tools and options. If you have only one book for security administration and compliance on the IBM i, this is the one you should have.


Want more information about IBM i Security Administration and Compliance, Second Edition? Download sample book content on the book's page in the MC Press Bookstore (Click the “Look Inside the Book” tab.)


Reviewed by Pat Botz

Also in Bookstore News

Book Review: Customer Experience Analytics


Customer Experience AnalyticsBusinesses can use data on their customers to improve those customers' experience. In Customer Experience Analytics, Dr. Arvind Sathi gives precise, coherent advice that can help your organization create and optimize customer experience analytics.

Continue Reading →

Book Review: Flexible Input, Dazzling Output with IBM i


Today, it's all about input and output. Getting data into the IBM i from non-traditional sources and then displaying it back out again in varied formats. Flexible Input, Dazzling Output with IBM i gives programmers all they need to know to master this critical skill.

Continue Reading →

Book Review: Evolve Your RPG Coding--Move from OPM to ILE ... and Beyond


Evolve Your RPG Coding: Move from OPM to ILE ... and Beyond provides an amazingly comprehensive introduction to ILE RPG programming concepts while at the same time delivering enough technical detail to make you productive very quickly.

Continue Reading →