AP-Journal Application Security & Business Analysis

Part 1 Overview

Overview Application Security & Business Analysis tool Keeps managers constantly informed on database changes Produces reports on changes over numerous years Relax. AP-Journal Will Check it for You.

Features Reports- based on changes to business-critical application data Alerts (e.g. “Item price increased by more than 10%”) Keeps selected updates in intermediate storage for long periods Cross-application activity tracking (based on common identifiers in ERP, Finance, Shipment applications) Instantaneous access to data covering numerous years Used to meet regulatory requirements - SOX, HIPAA, PCI (Ensures only authorized programs update production data) Based on patent-pending technology Logging of Database Read Operations

What does IBM DB-Journal Support? If IBM DB-Journal is enabled, and functioning Use it to its best advantage with AP-Journal IBM DB-Journal is generally used for: Data integrity – handling commitment control to ensure that a transaction involving several updates is complete High Availability – enabling Hot Backup to ensure instantaneous access to updated business-critical application data Incremental backup – saving “before” and “after” images of file updates

AP-Journal Added Value Powerful Reports integrating data from multiple applications Quickly generates user-friendly printed/online reports from journals Real-time threshold-activated alerts No programming or changes to applications, no performance impact Effective storage of only user- selected data in special “containers” Flexible filters based on field data (e.g. Price increased by over 10%) ConvenientEfficient Reliable Cost-effective Adaptable

Alerts to Enforce Changing Business Rules and Policies Corporate management often changes customer and discount policies AP-Journal alerts ensure each salesperson handles only specific customers and doesn’t give customers discounts over a certain percentage Long-Term Reports Mortgage bank uses AP-Journal to monitor the long-term history of all changes made to loans Clerks have a user-friendly interface to produce “single-click” AP-Journal reports PCI Compliance Credit card company is required by PCI regulations & auditors to save many files Accumulates 10M entries per hour, but monitors and issues alerts on only 5K entries per day using AP-Journal advanced filtering capabilities Using AP-Journal Containers to Save Disk Space Company that needs weekly reports based on information from journal receivers Limited disk capacity won’t allow saving information from receivers for more than 1 day Uses AP-Journal Containers as temporary storage until weekly report is produced AP-Journal Real-Life Applications !

Part 2 Alert Scenario

Monday Morning Mr. Bryan Fields HR Audit Manager Insurance Company “OK… Let’s define salary thresholds. Assistants: Alert at over 10%...”

Three days later… Ms. Jane Smith Administrative Assistant Insurance Company “Finally… I got a 20% raise!”

One second later… Mr. Bryan Fields HR Audit Manager Insurance Company

At the Greenspan Residence “Dear… Shouldn’t we be done with our mortgage already? It’s been 35 years…” Mr. & Mrs. Greenspan Retired Senior Citizens

At the Bank Mr. Michael Hill Mortgage Consultant Mortgage Timeline: Greenspan family 15 Aug 1973 Mortgage start 1 Oct. 1975Change of interest rate +4% Mortgage frozen 30 Nov Mar 1992$15,000 installment 1 June 1978 Standard payment $800 Change of property 6 Jul nd mortgage added 1 Apr Apr 1996Guarantor replaced Standard payment $ Jan 2007 “In just a minute, I will produce a report that covers all the information about all 35 years of your mortgage: payments, interest rates, guarantors…”

Back at the Greenspan Residence “Goodness! All that information in a single report. This bank sure gives great service. “ Mr. & Mrs. Greenspan Retired Senior Citizens

Part 3 About AP-Journal

Facts about AP-Journal Based on IBM DB-Journal receivers Real-time – operates as soon as database update occurs No programming No maintenance – fully automated receivers and containers transfer, backup and removal Not Based on Triggers – no delay in application, works asynchronous to the application, can operate during off-peak hours Not intended to support QUADJRN (Security Audit Journal); for this see iSecurity/Audit

Content From either Receivers or Containers Processes information (Who, What, When…) Records changes to data (“transfer-to account” changed) Compares with previous value (Quantity decreased > 100) Covers dozens of years of application history Format Flexible filters, various levels of detail Timeline reporting Online – enables extension of filters Printed – upon request or via included Scheduler ed- in PDF or HTML formats 17 Reporting Features

Alerts Features Content Real-time Threshold-activated Enables defining complex rules Supports comparison to group of items Fully editable message with field values Field values appear in Before/After images Format including alert details Message queue with alert details CL script with access to event fields

Business Analysis Features Patent Pending Traces customer activities throughout all applications: Mortgage bank: reports containing timeline of all mortgage activity (payments, returns, guarantors) across 7 years Insurance Company: reports integrating data from policy, collection, claims and accounting applications Accesses data exceptionally fast Special-purpose Containers store and index customer-selected business items for quick retrieval Can also function based upon the IBM Journal Receivers

Part 4 Technology

Time Operation DB Loan No. Output Business Analysis: Integrating Data from Multiple Databases Loan No. 1 Interest RatesGuarantorsPayments ScreenReport Loan No. field is identified in all databases & indexed All changes to Loan No. 1 are integrated into a single report Interest Payments Guarantors Payment Interest Payments 20 Apr Jan Feb Mar Jun May 08 Update Add Change Update

Alert After AP-Journal Technical Overview Receivers ScreenPrint-out Long-time storage for critical data & HTML Alert Before DB1DB2DB3 Reporting System Reporting System Processing of Receivers in Real time (or at night) CD EF GG Journal DB-Reads B A Containers Business Items

Annotation of Technical Overview A.DB changes are journaled into journal receivers using OS/400 facilities. B.Read access actions are added to journal receivers. This unique AP- Journal feature allows for filtering only the necessary Reads. C.For performance purposes, AP-Journal reads only the required files from the journal receivers. D.Alerts can be generated using strong filtering capabilities; alerts sent as operator messages, SMS, SYSLOG, etc. E.Important journaled data is kept for long periods in database files which are protected and emulate journal receivers. F.Alerts on data stored in containers; alerts sent as in 4 above. G.Single report definition can run on either journal receivers or containers.

Technical Features *BEFORE / *AFTER journal types Remote Journal Performance optimized for High Availability (HA) Journals containing tens of millions of entries Operates in parallel to HA software Automatic exchange of Journal Receivers Automatic exchange of Containers (AP-Journal’s proprietary database) Automatic backup of containers Tracking offline containers

AP-Journal Filtering Capabilities Column "BEFORE=B" in the previous slide is used to specify if the field value to be compared is the value Before or After the field update. Further explanations to the line in the previous slide beginning “Test:” : EQ NE LE GE LT GT are standard Boolean operators N/LIST checks whether the field value appears in the supplied list of values N/LIKE checks if the field value resembles the value entered. If the % wildcard (signifying any number of characters) is not the first character, the value to be compared is position specific (i.e. the first character in the field will be compared to the first character specified in the filter condition). N/START checks that the field value does not begin with the characters entered

AP-Journal Filtering Capabilities Explanations Continued: N/ITEM checks if the field value appear as an item in the GROUP/MEMBER specified N/SAME checks that the Before and After values are the same DIFxx checks if the difference between the Before and After values as entered in the Value column complies with the Boolean operator xx (EQ, NE, LE, etc.) DIF%xx checks if the difference in percentage between the Before and After values as entered in the Value column complies with the Boolean operator xx (EQ, NE, LE, etc.)

Either price or quantity differences of more than 10% will trigger this event. AP-Journal Filtering Interface Both header (pink) and fields (black) can be filtered. Not “RR” in Entry field, enabling filter of Reads in addition to Deletes, Updates, etc. See explanation on following slides.

Part 5 About AP-Journal

Alert Conditions Screen Generate an Alert if the Quantity increases by more than 15% or if the Price drops by more than $20

Alert Message Definition Screen Define a Generic Alert message

Alert Recipient & Format Define who receives alerts and in what format ( , message queue, etc.)

Optional Alert Action Script Capture the offending users’ screens over 5 minutes and terminate their session

Display of Database Update Display data before & after any changes which were made from a specific IP address

Full Report Displaying All Changes Printable report highlighting the before & after data in fields which were changed

Please visit us at Thank You!