Introduction to the Security Forum

Jet Propulsion Laboratory California Institute of Technology 4800 Oak Grove Drive Pasadena, California 91109-8099 J. Steven Jenkins, Ph.D. Principal Engineer +1 818 354-6055 [email protected] Introduction to the Security Forum. What We Used to Do.

Presentation Transcript
Jet Propulsion Laboratory

California Institute of Technology

4800 Oak Grove Drive

Pasadena, California 91109-8099

J. Steven Jenkins, Ph.D.

Principal Engineer

+1 818 354-6055

[email protected]

Introduction to the Security Forum

What We Used to Do
  • Security Standards Development
    • X/Open Basic Security Services (XBSS)
    • Common Data Security Architecture (CDSA)
      • With reference implementation
    • Authorization API (AZN API)
  • Work on PKI
    • Architecture (APKI)
    • DCE/PKI Integration
Why We Don’t Do That Now
  • Security standards development is well addressed by some other organizations
    • IETF, OASIS
  • Some high-profile standards did not achieve the desired uptake and effect
    • CDSA, AZN
  • There are significant challenges in security that are not being addressed anywhere on a systematic basis
Classical Security Analysis
  • Classical model in a cartoon
    • Analyze threats
    • Analyze vulnerabilities
    • Analyze risks
    • Design and implement countermeasures
  • What’s wrong with the classical model?
    • It starts with bad things to prevent
    • It assumes all risk is bad
    • The result often prevents good things
Our Model Is Different
  • We believe that security exists to ensure that business gets done according to policy
  • Policies are business-driven, for example:
    • Comply with the law because you want to stay in business
    • Respect your customers because you want to keep them
    • Understand your risks and make business decisions about which to accept and how
Managing Risk
  • Risk is not necessarily a bad thing
    • Every business transaction carries risk
  • Some ways to deal with risk
    • Disclaim it
    • Transfer it by contract
    • Hedge against it
    • Insure against it
    • Accept it
  • Security helps you manage risk by design
Active Loss Prevention
  • The Open Group has had an Active Loss Prevention Initiative for several years
  • It provides a framework for addressing IT issues related to risk and loss in the context of law, insurance, and business
  • The ALP Initiative is now integrated into the Security Forum
    • A welcome addition because their aims are the same as ours
Summary
  • Our mission is to bridge the gap between business objectives and traditional “security” technology
    • Clear ways to talk about business security
    • Analytical tools to turn objectives into design
    • Identification of gaps in both understanding and technology
      • What are the emerging requirements?
    • Better understanding between buyers and suppliers of IT