Jason Ming Sun ICT Academic Systems University of South Africa Government CIO Summit Towards reducing costs of doing business in government.
Jason Ming Sun, ICT Academic Systems, University of South Africa. Government CIO Summit: Towards reducing costs of doing business in government and contributing towards achieving clean audit. Date: 29 May 2013

Commission 2: FOSS Security

Unisa

Community Source

Sakai is…

Sakai Community Model
– Adopt: pilot, production
– Contribute: code, resources
– Share: practices, processes, tools and technology
– Support: community, commercial

Sakai Software Suite: CLE

Sakai Software Suite: OAE

Sakai Foundation
“The Sakai Foundation has a [more] defined leadership structure in order to ensure that the Foundation's mission to support the community and software is fulfilled. Still, the Board is elected by the members of the community, specifically those institutions that are members of the Sakai Foundation. The Board, in turn, oversees the staffing and financial health of the Foundation. With this structure, the community truly leads the Foundation; the Foundation serves the Sakai community.”

Sakai is…

Sakai Security Policy
– Sakai Foundation’s commitment to Information and Application Security
– Security Work Group
– Vulnerability Classification
– Security Advisory Protocol

Sakai Foundation Commitment
“Sakai is an open-source software initiative that promotes knowledge sharing and information transparency. However, when dealing with security vulnerabilities the integrity of existing Sakai installations can be compromised by the premature public disclosure of security threats before the Sakai Community has had time to analyze, develop and distribute countermeasures through private channels to institutions and organizations that have implemented Sakai software. Recognizing this danger, the Sakai Foundation has developed a security policy that seeks to safeguard the security of existing Sakai installations as well as provide full public disclosure of Sakai security vulnerabilities in a timely manner.”

Security Work Group
“The Sakai Community has instituted a Security Work Group (WG) composed of senior members of the community to respond to reports of security vulnerabilities and who operate using private channels of communication. Besides working to resolve known security vulnerabilities the Security WG will also operate in a pro-active manner, reviewing existing tools and services from a security perspective; defining Sakai security requirements; devising QA/testing models that identify potential security weaknesses; producing security-related documentation; and helping educate developers on web-related security vulnerabilities.”

Of interest…
Latest offer by a community member to help educate developers in secure application development: 2 May 2013

Vulnerability Classification
– Critical Risk: the possible exposure of data to unauthorized viewing, modification, deletion or acquisition as well as … data corruption
– Major Risk: attacks that could compromise the availability of Sakai or otherwise degrade system performance
– Minor Risk

Security Advisory Protocol
1. Alert Sakai Foundation Partners and designated security contacts with known Sakai implementations
2. Alert the wider Sakai Community
3. Alert the Public

Of interest…
Last major vulnerability reported: 15 December 2011

General Security Guidelines
Download from the source:
– FOSS Binaries
– FOSS Code
– Compilers, Integrated Development Environments (IDE), Software Development Kits (JDK)

General Security Guidelines
Verify the authenticity of the site:

General Security Guidelines
Establish an update schedule for security patches at the operating system, application server and application software levels. Manage change in your ICT environment according to governance frameworks such as ITIL and COBIT.
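The guideline to download from the source is only as good as the check that follows it: the file that arrived must be the file the project published. As an added example, not code from the Unisa presentation or from the Sakai project, the script below compares a downloaded artifact against the SHA-256 digest a project posts beside its downloads, and fails closed when the digest is missing or different. The file names and contents are constructed for the demonstration; the digest-file format is the one `sha256sum` writes, which most projects use.

```shell
#!/bin/sh
# Added example, not code from the Unisa presentation or the Sakai project.
# Verifies that a downloaded FOSS artifact matches the SHA-256 digest the
# project publishes beside it. Assumes the digest file uses the format that
# `sha256sum` writes ("<hex>  <name>", or "<hex> *<name>" for binary mode).
set -u

# Print the SHA-256 hex digest of a file, using GNU sha256sum where present
# and falling back to BSD/macOS shasum.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_download <artifact> <digest-file>
# Returns 0 only when the digest file lists this file name AND the digests
# agree. No entry for the name is a failure too: fail closed, never assume
# an unlisted file is fine.
verify_download() {
    artifact=$1
    digests=$2
    name=$(basename "$artifact")
    # Take the published digest for exactly this file name; ignore other entries.
    expected=$(awk -v n="$name" '$2 == n || $2 == ("*" n) { print $1; exit }' "$digests")
    if [ -z "$expected" ]; then
        echo "FAIL: no published digest for $name" >&2
        return 1
    fi
    actual=$(sha256_of "$artifact")
    if [ "$actual" != "$expected" ]; then
        echo "FAIL: digest mismatch for $name" >&2
        echo "  published: $expected" >&2
        echo "  computed:  $actual" >&2
        return 1
    fi
    echo "OK: $name matches published SHA-256"
    return 0
}

# --- Constructed demonstration data (not a real Sakai release) ---
work=$(mktemp -d)
mkdir "$work/mirror"
printf 'constructed sample archive\n' > "$work/sakai-demo.tar.gz"
# What the project would publish next to the download:
printf '%s  sakai-demo.tar.gz\n' "$(sha256_of "$work/sakai-demo.tar.gz")" > "$work/SHA256SUMS"
# The same file name served from an untrusted mirror, with altered content:
printf 'constructed sample archive, tampered\n' > "$work/mirror/sakai-demo.tar.gz"

verify_download "$work/sakai-demo.tar.gz" "$work/SHA256SUMS"         # returns 0
verify_download "$work/mirror/sakai-demo.tar.gz" "$work/SHA256SUMS"  # returns 1
```

A digest published on the same site as the download only catches a corrupted or substituted mirror; if the project site itself is compromised, the digest and the artifact change together. For that case use the project's detached signature (`gpg --verify artifact.asc artifact`) against a signing key obtained out of band, and pin the expected digest in your build or configuration-management scripts so every re-download is checked automatically rather than once by hand.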

Cost factors

Cost factors
– Financial resources: optional partnership fees
– Human resources
– Physical resources

Sakai Foundation Partners Program
Sakai partners are paying members of the Sakai Foundation who provide the intellectual, human and financial capital necessary to support both the Foundation and the work of the community. Unisa is a Foundation Partner.

Sakai Foundation Membership Fee
– Regular membership: USD – (ZAR ) per year, renewable annually.
– Discounted membership for institutions with limited enrollments (less than 3000): USD – (ZAR ) per year, renewable annually.

Sakai Foundation Partners Program
Become a member if you want to:
– Participate in foundation governance
– Help determine priorities for the community
– Collaborate in every phase of the software production process

Cost factors: Human resources
– Super User (train, support)
– System Administrator (configure, implement)
– Database Administrator (MySQL/Oracle)
– Technical Contributor (develop in Java)

Unisa’s ICT team: Human resources
– Super User/Trainer
– Business Analyst
– System Administrator/Integrator
– Oracle Database Administrator
– Java Software Analyst-Developer

Cost factors: Physical resources
– Server hardware or hosting plans (cloud)

myUnisa tech architecture
Internet -> Firewall -> Software load balancer [SSL end-point] -> Virtualized application servers -> Database server

myUnisa tech architecture
– 9 virtualized application servers: Ubuntu Linux Server LTS, Apache Tomcat
– 1 virtualized load balancer: Pound
– 1 physical database server: Oracle 11g
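The architecture above terminates SSL at the Pound load balancer, which means the hop from Pound to Tomcat is plain HTTP and the application servers no longer see that the client connected over HTTPS. As an added example, not Unisa's actual configuration, the listener below shows how a Pound 2.6/2.7 front end of this kind handles that, using the directives documented in the pound(8) manual. The addresses, certificate path, cipher list and backend names are assumptions.

```conf
# Added example (not Unisa's configuration): a Pound TLS end-point forwarding
# to a Tomcat pool, as in the myUnisa architecture. Addresses, paths, the
# cipher string and backend names are assumed values for illustration.
User     "www-data"
Group    "www-data"
LogLevel 1
# Seconds between back-end health checks.
Alive    30

ListenHTTPS
    Address 0.0.0.0
    Port    443
    # Assumed path; private key, certificate and chain in one PEM file.
    Cert    "/etc/pound/myunisa.pem"
    # Refuse SSLv3; restrict the suites to forward-secret AEAD ciphers.
    Disable SSLv3
    Ciphers "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384"
    # The Pound -> Tomcat hop is plain HTTP, so tell Tomcat the client used
    # HTTPS. Strip any copy of the header the client sent first, so a client
    # cannot claim a scheme it did not use.
    HeadRemove "X-Forwarded-Proto"
    AddHeader  "X-Forwarded-Proto: https"

    Service
        # Sticky sessions on the Tomcat session cookie, so a logged-in
        # session keeps hitting the node that holds it.
        Session
            Type COOKIE
            ID   "JSESSIONID"
            TTL  300
        End
        # Assumed addresses of two of the virtualized application servers.
        BackEnd
            Address 10.0.0.11
            Port    8080
        End
        BackEnd
            Address 10.0.0.12
            Port    8080
        End
    End
End
```

Two things on the Tomcat side make this safe rather than merely functional. First, Tomcat should honour `X-Forwarded-Proto` only from the load balancer: its `org.apache.catalina.valves.RemoteIpValve` (with `protocolHeader="X-Forwarded-Proto"` and `internalProxies` limited to the Pound address) sets `request.isSecure()` so the application generates https links and cookies flagged Secure, and ignores the header from any other source. Second, the firewall in the diagram must keep port 8080 on the application servers reachable only from the load balancer, because that hop carries session cookies in the clear.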

In Summary

FOSS Security Success Factors
– Active code review
– Community advisory protocol
– Trust the source
– Keep abreast of security patches and updates

Reference links
– search for “security policy”

Thank You