
oasis-open

www.oasis-open.org. Jim Hietala Vice President, Security. 44 Montgomery Street Suite 960 San Francisco, CA 94104 USA Tel +1 303 495 3123 Cell +1 303 995 5387 j.hietala@opengroup.org www.opengroup.org. Security Forum Vision & Mission.



Presentation Transcript


  1. www.oasis-open.org Jim Hietala Vice President, Security 44 Montgomery Street Suite 960 San Francisco, CA 94104 USA Tel +1 303 495 3123 Cell +1 303 995 5387 j.hietala@opengroup.org www.opengroup.org

  2. Security Forum Vision & Mission
     • The Open Group: Boundaryless Information Flow, achieved through global interoperability in a secure, reliable and timely manner
     • The Open Group Security Forum: To facilitate the rapid development of secure architectures supporting boundaryless information flow through:
       • Development of industry standards, either independently or through co-operation (adopt, adapt, publish)
       • Developing guides, business rationales & scenarios, use cases
       • Developing reference and common system architectures, and support services
     • The Open Group also manages and supports the Jericho Forum

  3. IT Changes Affecting Security
     • Web 2.0 coming to most enterprises, like it or not
     • Consumerization of IT with mobile devices
     • Shift in user patterns – an increasing % of user logins are now contractors, consultants, and business partners
     • Perimeter security model proving ineffective at securing this evolving environment

  4. Web Security Study
     • 7% of sites compromised automatically
     • 7.7% of sites had a high severity detectable through scanning
     • 9 of 10 sites have at least one serious vulnerability
     • Average of 7 vulnerabilities/site
     (Web Application Security Consortium, 2007, and White Hat Security, analysis of 600+ sites)

  5. Security Standards Needs Exist at Multiple Levels…
     • Security function interoperability: SAML, XACML, etc.
     • Implementation level… ISO27002, PCI DSS, etc.
     • Architecture – need for new standard security architecture describing information-centric vs. perimeter-centric security

  6. The Open Group Security Forum Key Accomplishments
     • Guides, White Papers: Security, Privacy, DRM, Identity Management, PKI, IdM Architectures, Security Design Patterns, Electronic Chattel Paper, Trust models, Common Core Identifiers
     • Guides, White Papers: Information Security Strategy
     • Standards: CDSA - Authentication API; AZN-API - Authorization API; UAS
     • 12/2007: Integration of Network Applications Consortium
     • Standards: XDAS - Distributed Audit Service; APKI - Architecture for Public Key Encryption; XSSO - Single Sign-On; CDSA
     • Standards: DCE - Distributed Computing Environment; XBSS - Baseline Security Services; XDSF - Distributed Security Framework; GSS API - Generic Security Services

  7. The Open Group: Future Security Activities
     • Continued support of Jericho Forum activities
     • Ongoing standards work in these areas:
       • Risk management taxonomy
       • Secure Mobile Architectures
       • Trust models
       • XML platform compliance reporting
       • Standard security architectures
     • Initiating Security Practitioners Conferences
     • Workshop approach to develop understanding and requirements around key emerging security issues such as Cloud Computing and Virtualization

  8. Thank You!
