Authority Failures

If you have security auditing turned on using the QAUDLVL system value, all invalid attempts to access data are recorded in the security audit journal, including failed sign-on attempts.

OS/400 provides excellent control over user access to specific objects using object-level security. You can check whether any user profile has made repeated attempts to access an object it is not authorized to use.

It is important to check for invalid sign-on attempts on a regular basis to see whether anyone has been trying to hack into the system by entering multiple user profile and password combinations.
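As an added illustration (not part of the original page, the Compliance Monitor report, or any IBM-supplied tool), the following Python reviews a constructed export of invalid sign-on (PW) audit entries for the two patterns this section describes: one profile failing repeatedly within a short window, and one device trying a list of user names that do not exist. The CSV columns are assumed for the example; the violation codes P and U are used with their PW-entry meanings (password not valid, user name not valid).

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample: a CSV export of password-failure (PW) audit entries. Column
# names are this example's own; violation P = password not valid, U = user name not valid.
SAMPLE_CSV = """timestamp,violation,user,device
2024-03-01 08:00:01,P,JSMITH,DSP01
2024-03-01 08:00:05,P,JSMITH,DSP01
2024-03-01 08:00:09,P,JSMITH,DSP01
2024-03-01 08:00:14,P,JSMITH,DSP01
2024-03-01 08:00:20,P,JSMITH,DSP01
2024-03-01 09:15:00,P,MJONES,DSP07
2024-03-01 10:30:00,U,ADMIN,QPADEV0001
2024-03-01 10:30:02,U,ROOT,QPADEV0001
2024-03-01 10:30:04,U,TEST,QPADEV0001
"""

def parse_entries(text):
    """Parse the export; timestamps become datetimes so time windows can be computed."""
    return [{"ts": datetime.strptime(r["timestamp"], "%Y-%m-%d %H:%M:%S"),
             "violation": r["violation"], "user": r["user"], "device": r["device"]}
            for r in csv.DictReader(io.StringIO(text))]

def repeated_failures(entries, threshold=5, window=timedelta(minutes=10)):
    """Return {user: count} for profiles with >= threshold bad passwords in one window."""
    times_by_user = defaultdict(list)
    for e in entries:
        if e["violation"] == "P":
            times_by_user[e["user"]].append(e["ts"])
    flagged = {}
    for user, times in times_by_user.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:  # drop entries older than the window
                start += 1
            if end - start + 1 >= threshold:
                flagged[user] = max(flagged.get(user, 0), end - start + 1)
    return flagged

def profile_guessing(entries, threshold=3):
    """Devices that tried >= threshold different non-existent user names (type U)."""
    names_by_device = defaultdict(set)
    for e in entries:
        if e["violation"] == "U":
            names_by_device[e["device"]].add(e["user"])
    return {dev: sorted(names) for dev, names in names_by_device.items()
            if len(names) >= threshold}
```

On a real system the input would be the PW entries copied out of the audit journal (for example with CPYAUDJRNE ENTTYP(PW)) and mapped onto these columns; the thresholds are starting points to tune against your own sign-on volume.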

PowerTech Recommendations

Use the Compliance Monitor 'Invalid Sign-On Attempts' report to audit all invalid sign-on attempts.

Invalid Sign-On Attempts

[Figure: expanded excerpt from the Invalid Sign-On Attempts report]

Relevant Standards

COBIT DS5.4 - User Account Management

Ensure that requesting, establishing, issuing, suspending, modifying and closing user accounts and related user privileges are addressed by user account management. An approval procedure outlining the data or system owner granting the access privileges should be included.

ISO 27002 (17799) 11.2.4 - Review of user access rights

Management should review users' access rights at regular intervals using a formal process.