Published by Flora Evangeline Collins. Modified over 9 years ago.
1
Jim Hietala
Vice President, Security
j.hietala@opengroup.org
Tel +1 303 495 3123
Cell +1 303 995 5387
44 Montgomery Street, Suite 960, San Francisco, CA 94104 USA
www.opengroup.org
www.oasis-open.org
2
Security Forum Vision & Mission
- The Open Group: Boundaryless Information Flow, achieved through global interoperability in a secure, reliable and timely manner
- The Open Group Security Forum: To facilitate the rapid development of secure architectures supporting boundaryless information flow through:
  - Development of industry standards, either independently or through co-operation (adopt, adapt, publish)
  - Developing guides, business rationales & scenarios, use cases
  - Developing reference and common system architectures, and support services
- The Open Group also manages and supports the Jericho Forum
3
IT Changes Affecting Security
- Web 2.0 coming to most enterprises, like it or not
- Consumerization of IT with mobile devices
- Shift in user patterns – an increasing % of user logins are now contractors, consultants, and business partners
- Perimeter security model proving ineffective at securing this evolving environment
4
Web Security Study
Web Application Security Consortium, 2007, and White Hat Security, analysis of 600+ sites
- 7% of sites compromised automatically
- 7.7% of sites had a high severity detectable through scanning
- 9 of 10 sites have at least one serious vulnerability
- Average of 7 vulnerabilities/site
5
Security Standards Needs Exist at Multiple Levels…
- Security function interoperability: SAML, XACML, etc.
- Implementation level: ISO27002, PCI DSS, etc.
- Architecture: need for new standard security architecture describing information-centric vs. perimeter-centric security
6
The Open Group Security Forum Key Accomplishments
Timeline: 1995, 1999, 2003, 2007
- Standards:
  - CDSA: Authentication API
  - AZN-API: Authorization API
  - UAS
- Standards:
  - DCE: Distributed Computing Environment
  - XBSS: Baseline Security Services
  - XDSF: Distributed Security Framework
  - GSS API: Generic Security Services
- Standards:
  - XDAS: Distributed Audit Service
  - APKI: Architecture for Public Key Encryption
  - XSSO: Single Sign-On
  - CDSA
- Guides, White Papers: Security, Privacy, DRM, Identity Management, PKI, IdM Architectures, Security Design Patterns, Electronic Chattel Paper, Trust models, Common Core Identifiers
- Guides, White Papers: Information Security Strategy
- 12/2007: Integration of Network Applications Consortium
7
The Open Group: Future Security Activities
- Continued support of Jericho Forum activities
- Ongoing standards work in these areas:
  - Risk management taxonomy
  - Secure Mobile Architectures
  - Trust models
  - XML platform compliance reporting
  - Standard security architectures
- Initiating Security Practitioners Conferences
  - Workshop approach to develop understanding and requirements around key emerging security issues such as Cloud Computing and Virtualization
8
Thank You!