Introduction to the Security Forum

Presentation Transcript

  1. Introduction to the Security Forum
     J. Steven Jenkins, Ph.D.
     Principal Engineer
     Jet Propulsion Laboratory
     California Institute of Technology
     4800 Oak Grove Drive
     Pasadena, California 91109-8099
     +1 818 354-6055
     steven.jenkins@jpl.nasa.gov

  2. What We Used to Do
     • Security Standards Development
     • X/Open Basic Security Services (XBSS)
     • Common Data Security Architecture (CDSA)
     • With reference implementation
     • Authorization API (AZN API)
     • Work on PKI
     • Architecture (APKI)
     • DCE/PKI Integration

  3. Why We Don’t Do That Now
     • Security standards development is well addressed by some other organizations
     • IETF, OASIS
     • Some high-profile standards did not achieve the desired uptake and effect
     • CDSA, AZN
     • There are significant challenges in security that are not being addressed anywhere on a systematic basis

  4. Classical Security Analysis
     • Classical model in a cartoon
     • Analyze threats
     • Analyze vulnerabilities
     • Analyze risks
     • Design and implement countermeasures
     • What’s wrong with the classical model?
     • It starts with bad things to prevent
     • It assumes all risk is bad
     • The result often prevents good things

  5. Our Model Is Different
     • We believe that security exists to ensure that business gets done according to policy
     • Policies are business-driven, for example:
     • Comply with the law because you want to stay in business
     • Respect your customers because you want to keep them
     • Understand your risks and make business decisions about which to accept and how

  6. Managing Risk
     • Risk is not necessarily a bad thing
     • Every business transaction carries risk
     • Some ways to deal with risk
     • Disclaim it
     • Transfer it by contract
     • Hedge against it
     • Insure against it
     • Accept it
     • Security helps you manage risk by design

  7. Active Loss Prevention
     • The Open Group has had an Active Loss Prevention Initiative for several years
     • It provides a framework for addressing IT issues related to risk and loss in the context of law, insurance, and business
     • The ALP Initiative is now integrated into the Security Forum
     • A welcome addition because their aims are the same as ours

  8. Summary
     • Our mission is to bridge the gap between business objectives and traditional “security” technology
     • Clear ways to talk about business security
     • Analytical tools to turn objectives into design
     • Identification of gaps in both understanding and technology
     • What are the emerging requirements?
     • Better understanding between buyers and suppliers of IT