Published by Liam Leavins. Modified over 2 years ago.
04 October 2006 © 2006 Rhye Internet Solutions Limited

Slide 1: Open Source Security
Is Open Source software more or less secure than proprietary equivalents?
Peter SJF Bance CEng MBCS CITP
Technical Director, Rhye Internet Solutions Limited
CESG and BCS Listed Security Adviser
firstname.lastname@example.org

Slide 2: The Arguments
Secure coding practices
Code audit / review
Developer motivation / integrity
Vendor liability / commitment
Distribution mechanisms
Vulnerability alerting / patching
Ownership, updates and maintenance
Security through secrecy (obfuscation)

Slide 3: So who is right?

Slide 4: Clearly, this is a grey area…
The Open/Closed Source decision will need to be made based on your situation, taking into account such factors as:
Corporate policy
Reliability requirements
Maintainability
Security requirements
In-house knowledge and skills

Slide 5: The question: Is Open Source software more or less secure than proprietary equivalents?
The answer? This will depend on your specific situation.

Slide 6: We need a different approach…

Slide 7: Risk Assessment
1. Information Assets (value/impact) – Confidentiality, Integrity & Availability
2. Business Domains (interconnectivity)
3. Attack groups
4. Capability / Motivation ≡ Threat
5. Compromise Paths
6. Opportunity / Deterrence ≡ Likelihood
Is the resultant risk acceptable?

Slide 8: Only by assessing the risks associated with each individual requirement can we decide whether the “right” solution involves Open or Closed Source products.

Slide 9: Summary
There is no simple answer to the question of whether Open or Closed Source is more secure, and it may be dangerous to generalise. It is therefore wise to approach this issue on a per-project basis, founded on a realistic and pragmatic assessment of the business, technical and security risks involved.

Slide 10: Further Information
On Google (www.google.com), search for: “open source” closed or proprietary research quantify empirical
email@example.com