Home > Storage > PowerMax and VMAX > Mainframe > Dell PowerMax and DLm: Cyber Security for Mainframe Storage > zCID implementation strategy
Here is a zCID implementation strategy to provide customers increased awareness on atypical access rates for z/OS resources.
Let’s review the details of each of these steps.
First, when giving zCID z/OS resources to monitor (in the form of JCL control statements DEVICE_LIST, SMS_GROUP, SELECT DSN), it is important to give zCID only the resources you would want to monitor.
For step one, the goal is to capture access rates over a long period of time which will be used to deduce what access rates are normal within your z/OS environment. Allow zCID to collect data for one month.
For step two, take the data collected in step one, create the zCID reports, and begin to identify normal and abnormal access rates for the resources monitored. After you identify normal and abnormal access rates from the reports, start with step three to code and test your WARN statements. WARN statements generate WTOR or SYSLOG zCID warning messages about atypical behavior.
The last step is to run zCID continuously with the warning statements tested in step three. This now enables zCID to monitor the specified resources in your z/OS environment for atypical access rate behavior.