Presentation on theme: "Jason Ming Sun ICT Academic Systems University of South Africa Government CIO Summit Towards reducing costs of doing business in government."— Presentation transcript:
Jason Ming Sun ICT Academic Systems University of South Africa firstname.lastname@example.org Government CIO Summit Towards reducing costs of doing business in government and contributing towards achieving clean audit 1 Date: 29 May 2013
Sakai Foundation 11 “The Sakai Foundation has a [more] defined leadership structure in order to ensure that the Foundation's mission to support the community and software is fulfilled. Still, the Board is elected by the members of the community, specifically those institutions that are members of the Sakai Foundation. The Board, in turn, oversees the staffing and financial health of the Foundation. With this structure, the community truly leads the Foundation; the Foundation serves the Sakai community.”
Sakai Security Policy 13 – Sakai Foundation’s commitment to Information and Application Security – Security Work Group – Vulnerability Classification – Security Advisory Protocol
Sakai Foundation Commitment 14 “Sakai is an open-source software initiative that promotes knowledge sharing and information transparency. However, when dealing with security vulnerabilities the integrity of existing Sakai installations can be compromised by the premature public disclosure of security threats before the Sakai Community has had time to analyze, develop and distribute countermeasures through private channels to institutions and organizations that have implemented Sakai software. Recognizing this danger, the Sakai Foundation has developed a security policy that seeks to safeguard the security of existing Sakai installations as well as provide full public disclosure of Sakai security vulnerabilities in a timely manner.”
Security Work Group 15 “The Sakai Community has instituted a Security Work Group (WG) composed of senior members of the community to respond to reports of security vulnerabilities and who operate using private channels of communication. Besides working to resolve known security vulnerabilities the Security WG will also operate in a pro-active manner, reviewing existing tools and services from a security perspective; defining Sakai security requirements; devising QA/testing models that identify potential security weaknesses; producing security-related documentation; and helping educate developers on web-related security vulnerabilities.”
Of interest… 16 Latest offer by a community member to help educate developers in terms of secure application development: 2 May 2013
Vulnerability Classification 17 Critical Risk – the possible exposure of data to unauthorized viewing, modification, deletion or acquisition as well as … data corruption Major Risk – attacks that could compromise the availability of Sakai or otherwise degrade system performance Minor Risk
Security Advisory Protocol 18 Step 1: Alert Sakai Foundation Partners and designated security contacts with known Sakai implementations
Security Advisory Protocol 19 Step 1: Alert Sakai Foundation Partners and designated security contacts with known Sakai implementations. Step 2: Alert the wider Sakai Community
Security Advisory Protocol 20 Step 1: Alert Sakai Foundation Partners and designated security contacts with known Sakai implementations. Step 2: Alert the wider Sakai Community. Step 3: Alert the Public
Of interest… 21 Last major vulnerability reported: 15 December 2011
General Security Guidelines 22 [Diagram: download – IDE/Compiler/JDK – FOSS Code – FOSS Binaries]
General Security Guidelines 23 Download from source: – FOSS Binaries – FOSS Code – Compilers, Integrated Development Environments (IDE), Software Development Kits
General Security Guidelines 24 Verify authenticity of the site:
General Security Guidelines 25 Establish an update schedule for security patches at the operating system, application server and application software levels. Manage change in your ICT environment according to governance frameworks including ITIL and COBIT.
Sakai Foundation Partners Program 28 Sakai partners are paying members of the Sakai Foundation who provide the intellectual, human and financial capital necessary to support both the Foundation and the work of the community. Unisa is a Foundation Partner.
Sakai Foundation Membership Fee 29 Regular membership USD 10 000 – (ZAR 95 000) per year, renewable annually. Discounted membership USD 5 000 for institutions with limited enrollments (less than 3000) – (ZAR 47 250) per year, renewable annually.
Sakai Foundation Partners Program 30 Become a member if you want to: – Participate in foundation governance – Help determine priorities for the community – Collaborate in every phase of the software production process
Cost factors 31 Financial resources; Human resources – Super User (train, support) – System Administrator (configure, implement) – Database Administrator (MySQL/Oracle) – Technical Contributor (develop in Java); Physical resources
Unisa’s ICT team 32 Financial resources; Human resources – Super User/Trainer – Business Analyst – System Administrator/Integrator – Oracle Database Administrator – Java Software Analyst-Developer; Physical resources
Cost factors 33 Financial resources; Human resources; Physical resources – Server hardware or hosting plans (cloud)
myUnisa tech architecture 34 [Diagram labels: Software load balancer [SSL end-point]; Internet; Firewall; Virtualized app server; Database server]
myUnisa tech architecture 35 9 virtualized application servers (Ubuntu Linux Server LTS, Apache Tomcat); 1 virtualized load balancer (Pound); 1 physical database server (Oracle 11g)