Introduction to the Security Forum

Presentation Transcript

  1. Introduction to the Security Forum
     J. Steven Jenkins, Ph.D., Principal Engineer
     Jet Propulsion Laboratory, California Institute of Technology
     4800 Oak Grove Drive, Pasadena, California 91109-8099
     +1 818 354-6055
     steven.jenkins@jpl.nasa.gov

  2. What We Used to Do
     • Security Standards Development
         • X/Open Basic Security Services (XBSS)
         • Common Data Security Architecture (CDSA)
             • With reference implementation
         • Authorization API (AZN API)
     • Work on PKI
         • Architecture (APKI)
         • DCE/PKI Integration

  3. Why We Don’t Do That Now
     • Security standards development is well addressed by some other organizations
         • IETF, OASIS
     • Some high-profile standards did not achieve the desired uptake and effect
         • CDSA, AZN
     • There are significant challenges in security that are not being addressed anywhere on a systematic basis

  4. Classical Security Analysis
     • Classical model in a cartoon
         • Analyze threats
         • Analyze vulnerabilities
         • Analyze risks
         • Design and implement countermeasures
     • What’s wrong with the classical model?
         • It starts with bad things to prevent
         • It assumes all risk is bad
         • The result often prevents good things

  5. Our Model Is Different
     • We believe that security exists to ensure that business gets done according to policy
     • Policies are business-driven, for example:
         • Comply with the law because you want to stay in business
         • Respect your customers because you want to keep them
         • Understand your risks and make business decisions about which to accept and how

  6. Managing Risk
     • Risk is not necessarily a bad thing
     • Every business transaction carries risk
     • Some ways to deal with risk
         • Disclaim it
         • Transfer it by contract
         • Hedge against it
         • Insure against it
         • Accept it
     • Security helps you manage risk by design

  7. Active Loss Prevention
     • The Open Group has had an Active Loss Prevention Initiative for several years
     • It provides a framework for addressing IT issues related to risk and loss in the context of law, insurance, and business
     • The ALP Initiative is now integrated into the Security Forum
     • A welcome addition because their aims are the same as ours

  8. Summary
     • Our mission is to bridge the gap between business objectives and traditional “security” technology
         • Clear ways to talk about business security
         • Analytical tools to turn objectives into design
         • Identification of gaps in both understanding and technology
         • What are the emerging requirements?
         • Better understanding between buyers and suppliers of IT