Introduction to the Security Forum


Jet Propulsion Laboratory California Institute of Technology 4800 Oak Grove Drive Pasadena, California 91109-8099 J. Steven Jenkins, Ph.D. Principal Engineer +1 818 354-6055 steven.jenkins@jpl.nasa.gov. Introduction to the Security Forum. What We Used to Do.

    Presentation Transcript
    1. Introduction to the Security Forum
       Jet Propulsion Laboratory, California Institute of Technology
       4800 Oak Grove Drive, Pasadena, California 91109-8099
       J. Steven Jenkins, Ph.D., Principal Engineer
       +1 818 354-6055
       steven.jenkins@jpl.nasa.gov

    2. What We Used to Do
       • Security Standards Development
         • X/Open Basic Security Services (XBSS)
         • Common Data Security Architecture (CDSA)
           • With reference implementation
         • Authorization API (AZN API)
       • Work on PKI
         • Architecture (APKI)
         • DCE/PKI Integration

    3. Why We Don’t Do That Now
       • Security standards development is well addressed by some other organizations
         • IETF, OASIS
       • Some high-profile standards did not achieve the desired uptake and effect
         • CDSA, AZN
       • There are significant challenges in security that are not being addressed anywhere on a systematic basis

    4. Classical Security Analysis
       • Classical model in a cartoon
         • Analyze threats
         • Analyze vulnerabilities
         • Analyze risks
         • Design and implement countermeasures
       • What’s wrong with the classical model?
         • It starts with bad things to prevent
         • It assumes all risk is bad
         • The result often prevents good things

    5. Our Model Is Different
       • We believe that security exists to ensure that business gets done according to policy
       • Policies are business-driven, for example:
         • Comply with the law because you want to stay in business
         • Respect your customers because you want to keep them
         • Understand your risks and make business decisions about which to accept and how

    6. Managing Risk
       • Risk is not necessarily a bad thing
       • Every business transaction carries risk
       • Some ways to deal with risk
         • Disclaim it
         • Transfer it by contract
         • Hedge against it
         • Insure against it
         • Accept it
       • Security helps you manage risk by design

    7. Active Loss Prevention
       • The Open Group has had an Active Loss Prevention Initiative for several years
       • It provides a framework for addressing IT issues related to risk and loss in the context of law, insurance, and business
       • The ALP Initiative is now integrated into the Security Forum
       • A welcome addition because their aims are the same as ours

    8. Summary
       • Our mission is to bridge the gap between business objectives and traditional “security” technology
       • Clear ways to talk about business security
       • Analytical tools to turn objectives into design
       • Identification of gaps in both understanding and technology
       • What are the emerging requirements?
       • Better understanding between buyers and suppliers of IT