Presentation is loading. Please wait.

Presentation is loading. Please wait.

Jason Ming Sun ICT Academic Systems University of South Africa Government CIO Summit Towards reducing costs of doing business in government.

Similar presentations


Presentation on theme: "Jason Ming Sun ICT Academic Systems University of South Africa Government CIO Summit Towards reducing costs of doing business in government."— Presentation transcript:

1 Jason Ming Sun ICT Academic Systems University of South Africa Government CIO Summit Towards reducing costs of doing business in government and contributing towards achieving clean audit 1 Date: 29 May 2013

2 Commission 2 2 FOSS Security

3 Commission 2 3

4 Unisa 4

5 Community Source 5

6 Sakai is… 6

7 Sakai Community Model pilot, production Adopt code, resources Contribute practices, processes, tools and technology Share community, commercial Support 7

8 Sakai Community Model 8

9 Sakai Software Suite: CLE 9

10 Sakai Software Suite: OAE 10

11 Sakai Foundation 11 “ The Sakai Foundation has a [more] defined leadership structure in order to ensure that the Foundation's mission to support the community and software is fulfilled. Still, the Board is elected by the members of the community, specifically those institutions that are members of the Sakai Foundation. The Board, in turns, oversees the staffing and financial health of the Foundation. With this structure, the community truly leads the Foundation; the Foundation serves the Sakai community.”

12 Sakai is… 12

13 Sakai Security Policy 13 Sakai Foundation’s commitment to Information and Application Security Security Work Group Vulnerability Classification Security Advisory Protocol

14 Sakai Foundation Commitment 14 “Sakai is an open-source software initiative that promotes knowledge sharing and information transparency. However, when dealing with security vulnerabilities the integrity of existing Sakai installations can be compromised by the premature public disclosure of security threats before the Sakai Community has had time to analyze, develop and distribute countermeasures through private channels to institutions and organizations that have implemented Sakai software. Recognizing this danger, the Sakai Foundation has developed a security policy that seeks to safeguard the security of existing Sakai installations as well as provide full public disclosure of Sakai security vulnerabilities in a timely manner.”

15 Security Work Group 15 “The Sakai Community has instituted a Security Work Group (WG) composed of senior members of the community to respond to reports of security vulnerabilities and who operate using private channels of communication. Besides working to resolve known security vulnerabilities the Security WG will also operate in a pro-active manner, reviewing existing tools and services from a security perspective; defining Sakai security requirements; devising QA/testing models that identify potential security weaknesses; producing security-related documentation; and helping educate developers on web- related security vulnerabilities.”

16 Of interest… 16 Latest offer by a community member to help educate developers in terms of secure application development: 2 May 2013

17 Vulnerability Classification 17 Critical Risk – the possible exposure of data to unauthorized viewing, modification, deletion or acquisition as well as … data corruption Major Risk – attacks that could compromise the availability of Sakai or otherwise degrade system performance Minor Risk

18 Security Advisory Protocol Alert Sakai Foundation Partners and designated security contacts with known Sakai implementations

19 Security Advisory Protocol Alert the wider Sakai Community 1 Alert Sakai Foundation Partners and designated security contacts with known Sakai implementations

20 Security Advisory Protocol 20 3 Alert the Public 2 Alert the wider Sakai Community 1 Alert Sakai Foundation Partners and designated security contacts with known Sakai implementations

21 Of interest… 21 Last major vulnerability reported: 15 December 2011

22 General Security Guidelines 22 download IDE/Compiler/JDKFOSS CodeFOSS Binaries

23 General Security Guidelines 23 Download from source: – FOSS Binaries – FOSS Code – Compilers, Integrated Development Environments (IDE), Software Development Kits

24 General Security Guidelines 24 Verify authenticity of the site:

25 General Security Guidelines 25 Establish an update schedule for security patches at a operating system, application server and application software level. Manage change in your ICT environment according to governance frameworks including ITIL and CoBIT.

26 Cost factors 26

27 Cost factors 27 Financial resources – Optional partnership fees Human resources Physical resources

28 Sakai Foundation Partners Program 28 Sakai partners are paying members of the Sakai Foundation who provide the intellectual, human and financial capital necessary to support both the Foundation and the work of the community. Unisa is a Foundation Partner.

29 Sakai Foundation Membership Fee 29 Regular membership USD – (ZAR ) per year, renewable annually. Discounted membership USD for institutions with limited enrollments (less than 3000) – (ZAR ) per year, renewable annually.

30 Sakai Foundation Partners Program 30 Become a member if you want to: – Participate in foundation governance – Help determine priorities for the community – Collaborate in every phase of the software production process

31 Cost factors 31 Financial resources Human resources – Super User (train, support) – System Administrator (configure, implement) – Database Administrator (MySQL/Oracle) – Technical Contributor (develop in Java) Physical resources

32 Unisa’s ICT team 32 Financial resources Human resources – Super User/Trainer – Business Analyst – System Administrator/Integrator – Oracle Database Administrator – Java Software Analyst-Developer Physical resources

33 Cost factors 33 Financial resources Human resources Physical resources – Server hardware or hosting plans (cloud)

34 myUnisa tech architecture 34 Software load balancer [SSL end-point] Internet Firewall Virtualized app server Database server

35 myUnisa tech architecture 35 9 virtualized application servers – Ubuntu Linux Server LTS – Apache Tomcat 1 virtualized load balancer – Pound 1 physical database server – Oracle 11g

36 In Summary 36

37 FOSS Security Success Factors 37 FOSS Security Active Code Review Community Advisory Protocol Trust the Source Keep abreast with security patches and updates

38 Reference links 38 https://confluence.sakaiproject.org – search for “security policy”

39 Thank You 39


Download ppt "Jason Ming Sun ICT Academic Systems University of South Africa Government CIO Summit Towards reducing costs of doing business in government."

Similar presentations


Ads by Google