Audit and Assurance

Mainframe audit (Natural Security)

  • 1.  Mainframe audit (Natural Security)

    Posted 24 Feb, 2020 07:49
    Good day,

    I've worked through ISACA's Z/OS audit program and RACF security information available. However, I'm struggling to find information to wrap my mind around the menu driven access applied through Software AG's Natural Security (note; not Natural SAF Security). There seem to be segregation of duties between the management of RACF security and the Natural environment, so the person with the most access would be system engineer/developer.

    Is it correct to say that unauthorized direct access and changes to the database is not likely due to the relational file structure of Adabas?
    What risks would you focus on?

    Any ideas would be appreciated.

    Corlia Heystek
    IT Audit Manager