Hello.

I'm going through my annual ritual trying to decide what presentation to submit for Unite. With Unite being virtual again this year, there is a diverse enough range of attendees, but it is still not clear to me how people go home and use the information they see in a presentation.

Recent Unite hot topics have been dealing with things like sftp, Multi-factor authentication and other security topics.

I'm leaning towards my experiences in dealing with how an MCP environment (software series and Libra-based) interacts with a security reporting infrastructure in our organization. Items such as reporting event data to Enterprise Log Collectors to send SUMLOG records to SYSLOG as well as other reporting and scanning requirements (PCI-DSS, FISMA, etc) are some topics I am considering.

Are there any other topics that come to mind that really need to be shared with the MCP community? I have gone the full spectrum from pure user implementation stories to detailed ALGOL++ discussions with ALGOL-based unit testing of structure blocks (what I call aUnit). Striking the right technical level of depth is always an issue as one never knows if the people attending are ALGOL types or more operational/management.

Regards,

Tom Schaefer
Better Software Solutions, Inc.

-------- Original Message --------
Subject: Unite MCP Presentations
From: Tom Schaefer <thomasmschaefer@gmail.com>
To:
Date: Thu Jul 15 2021 13:47:35 GMT-0700 (Pacific Daylight Time)

> Hello.
>
> I'm going through my annual ritual trying to decide what presentation to submit for Unite. With Unite being virtual again this year, there is a diverse enough range of attendees, but it is still not clear to me how people go home and use the information they see in a presentation.
>
> Recent Unite hot topics have been dealing with things like sftp, Multi-factor authentication and other security topics.
>
> I'm leaning towards my experiences in dealing with how an MCP environment (software series and Libra-based) interacts with a security reporting infrastructure in our organization. Items such as reporting event data to Enterprise Log Collectors to send SUMLOG records to SYSLOG as well as other reporting and scanning requirements (PCI-DSS, FISMA, etc) are some topics I am considering.
>
> Are there any other topics that come to mind that really need to be shared with the MCP community? I have gone the full spectrum from pure user implementation stories to detailed ALGOL++ discussions with ALGOL-based unit testing of structure blocks (what I call aUnit). Striking the right technical level of depth is always an issue as one never knows if the people attending are ALGOL types or more operational/management.
>
> Regards,
>
> Tom Schaefer
> Better Software Solutions, Inc.

Tom, I think the direction you are leaning would make an interesting and
useful talk. Anything that discusses practical applications or user/site
experience always generates a lot of interest and is usually well-attended.

I wouldn't worry about getting too technical -- you only have an hour,
and as long as there is enough background and business context for
less-technical management types to understand what you are trying to do
and why you are doing it that way, they can get something out of it and
take the red meat details back to people in the trenches. Examples,
sample code, and documentation references are especially important for
the latter.

You might also give a brief introduction to the types of formal
reporting and scanning requirements that your organization needs to
address. I for one don't know what PCI-DSS and FISMA are, or more
importantly, the impact they can have on MCP systems and applications.

Paul

Thanks Paul.

To answer a question, PCI is the Payment Card Institute. They set minimum standards for systems that use/store credit cards. Unisys even has a manual on answering the PCI requirements for an MCP environment: https://www.support.unisys.com/aseries/docs/ClearPath-MCP-19.0/38507315-009/38507315-009.pdf.. If one is not compliant, they can remove your ability to process credit cards via the typical clearinghouses.

An example of something that seems basic but can be ambiguous in an MCP environment is most security documents talk about system audits in terms of logs, But not too many years ago, people at our site used to answer questions about audits as if they were talking about DMSII audits. The ambiguity of the work audit sent the responses down the wrong rabbit hole. To the rest of the world, audits are logs and transactions logs are database journals (DMSII Audits). I realize DMSII predates this terminology.

I will flesh out an outline and see if I have enough useful info.

Thanks again,

Tom

> Tom, I think the direction you are leaning would make an interesting and
> useful talk. Anything that discusses practical applications or user/site
> experience always generates a lot of interest and is usually well-attended.
>
> I wouldn't worry about getting too technical -- you only have an hour,
> and as long as there is enough background and business context for
> less-technical management types to understand what you are trying to do
> and why you are doing it that way, they can get something out of it and
> take the red meat details back to people in the trenches. Examples,
> sample code, and documentation references are especially important for
> the latter.
>
> You might also give a brief introduction to the types of formal
> reporting and scanning requirements that your organization needs to
> address. I for one don't know what PCI-DSS and FISMA are, or more
> importantly, the impact they can have on MCP systems and applications.
>
> Paul

On Tuesday, July 20, 2021 at 7:05:36 PM UTC-4, Tom Schaefer wrote:
> Thanks Paul.
>
> To answer a question, PCI is the Payment Card Institute. They set minimum standards for systems that use/store credit cards. Unisys even has a manual on answering the PCI requirements for an MCP environment: https://www.support.unisys.com/aseries/docs/ClearPath-MCP-19.0/38507315-009/38507315-009.pdf. If one is not compliant, they can remove your ability to process credit cards via the typical clearinghouses.
>
> An example of something that seems basic but can be ambiguous in an MCP environment is most security documents talk about system audits in terms of logs, But not too many years ago, people at our site used to answer questions about audits as if they were talking about DMSII audits. The ambiguity of the work audit sent the responses down the wrong rabbit hole. To the rest of the world, audits are logs and transactions logs are database journals (DMSII Audits). I realize DMSII predates this terminology.
>
> I will flesh out an outline and see if I have enough useful info.
>
> Thanks again,
>
> Tom
> > Tom, I think the direction you are leaning would make an interesting and
> > useful talk. Anything that discusses practical applications or user/site
> > experience always generates a lot of interest and is usually well-attended.
> >
> > I wouldn't worry about getting too technical -- you only have an hour,
> > and as long as there is enough background and business context for
> > less-technical management types to understand what you are trying to do
> > and why you are doing it that way, they can get something out of it and
> > take the red meat details back to people in the trenches. Examples,
> > sample code, and documentation references are especially important for
> > the latter.
> >
> > You might also give a brief introduction to the types of formal
> > reporting and scanning requirements that your organization needs to
> > address. I for one don't know what PCI-DSS and FISMA are, or more
> > importantly, the impact they can have on MCP systems and applications.
> >
> > Paul

I am looking forward to a detailed presentation on the ClearPath MCP Extension Kit which integrates
Python into the MCP environment. It would be very useful to have actual use-cases that are being implemented.
Examples on how to put it all together, with documentation would be very useful.

Chai