Case Study

This section presents a case study of First Tennessee Bank (written by Bob Wicksel).
ctsfz
This section presents a case study of First Tennessee Bank (written by Bob Wicksel).
Data security is a key issue with the First Tennessee National Corporation. Computer information resources, whether in the form of programs or data, are viewed as corporate assets and therefore must be protected from either intentional, or more commonly unintentional, destruction and/or misuse.
CA Top Secret was selected by First Tennessee over IBM's RACF and CA-ACF2 because of ease of installation and low overhead requirements. CA Top Secret places no hooks into the z/OS operating system and is therefore independent of normal z/OS maintenance. It does, however, utilize the standard IBM RACF interface for inter-system communications.
Although the implementation of this package will necessitate many changes in our current environment, and the related procedures, every effort will be made to minimize disruption and loss of productivity.
Impact Areas
The implementation of CA Top Secret security will require both short and long term changes to our current operating environment.
In the short run, the immediate changes affecting current day-to-day activities are:
  • Limited, or restricted, access to previously available data and libraries.
  • Production problem resolution must now be coordinated with, and authorized by, production (3rd floor C/T) management.
  • Previously unenforceable standards will now be enforced.
The longer-term changes will include:
  • Major changes to existing library control function.
  • Formalized procedures for data access authority.
  • Enhancement to existing standards and addition of comprehensive standards.
  • Data security reviews of new or modified applications.
  • Data security reviews of new or modified hardware.
These changes will take time, but the potential benefits are substantial in terms of both asset protection and greater productivity due to a more standardized environment.