Presentation is loading. Please wait.

Presentation is loading. Please wait.

44 Montgomery Street Suite 960 San Francisco, CA 94104 USA Tel +1 303 495 3123 Cell +1 303 995 5387

Published byFlora Evangeline Collins Modified over 8 years ago

Similar presentations

Presentation on theme: "44 Montgomery Street Suite 960 San Francisco, CA 94104 USA Tel +1 303 495 3123 Cell +1 303 995 5387"— Presentation transcript:

1 www.oasis-open.org 44 Montgomery Street Suite 960 San Francisco, CA 94104 USA Tel +1 303 495 3123 Cell +1 303 995 5387 j.hietala@opengroup.org www.opengroup.org Jim Hietala Vice President, Security

2 Security Forum Vision & Mission l The Open Group: Boundaryless Information Flow, achieved through global interoperability in a secure, reliable and timely manner l The Open Group Security Forum: To facilitate the rapid development of secure architectures supporting boundaryless information flow through: n Development of industry standards, either independently or through co- operation (adopt, adapt, publish) n Developing guides, business rationales & scenarios, use cases n Developing reference and common system architectures, and support services l The Open Group also manages and supports the Jericho Forum

3 IT Changes Affecting Security n Web 2.0 coming to most enterprises, like it or not n Consumerization of IT with mobile devices n Shift in user patterns – an increasing % of user logins are now contractors, consultants, and business partners n Perimeter security model proving ineffective at securing this evolving environment

4 Web Security Study Web Application Security Consortium, 2007, and White Hat Security, analysis of 600+ sites n 7% of sites compromised automatically n 7.7% of sites had a high severity detectable through scanning n 9 of 10 sites have at least one serious vulnerability n Average of 7 vulnerabilities/site

5 Security Standards Needs Exist at Multiple Levels… n Security function interoperability- SAML, XACML, etc. n Implementation level…ISO27002, PCI DSS, etc. n Architecture – need for new standard security architecture describing information-centric vs. perimeter- centric security

6 Standards: CDSA- Authentication API AZN-API- Authorization API UAS Standards: DCE- Distributed Computing Environment XBSS- Baseline Security Services XDSF- Distributed Security Framework GSS API- Generic Security Services Standards: XDAS- Distributed Audit Service APKI- Architecture for Public Key Encryption XSSO- Single Sign-On CDSA Guides, White Papers: Security, Privacy, DRM, Identity Management, PKI, IdM Architectures, Security Design Patterns, Electronic Chattel Paper, Trust models, Common Core Identifiers The Open Group Security Forum Key Accomplishments 1995 1999 2003 2007 Guides, White Papers: Information Security Strategy 12/2007: Integration of Network Applications Consortium

7 www.oasis-open.org The Open Group: Future Security Activities n Continued support of Jericho Forum activities n Ongoing standards work in these areas: l Risk management taxonomy l Secure Mobile Architectures l Trust models l XML platform compliance reporting l Standard security architectures n Initiating Security Practitioners Conferences l Workshop approach to develop understanding and requirements around key emerging security issues such as Cloud Computing and Virtualization

8 Thank You!

Download ppt "44 Montgomery Street Suite 960 San Francisco, CA 94104 USA Tel +1 303 495 3123 Cell +1 303 995 5387"

Similar presentations

Impacts of 3 rd Party IaaS on broadband network operations and businesses Prabhat Kumar Managing Partner, i 3 m 3 Solutions.

Impacts of 3 rd Party IaaS on broadband network operations and businesses Prabhat Kumar Managing Partner, i 3 m 3 Solutions.
Overview of Web Services

Overview of Web Services
Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
Xavier Verhaeghe Vice President Oracle Security Solutions

Xavier Verhaeghe Vice President Oracle Security Solutions
Www.cloudsecurityalliance.org Copyright © 2011 Cloud Security Alliance Trusted Cloud Initiative Work Group Session.

Copyright © 2011 Cloud Security Alliance Trusted Cloud Initiative Work Group Session.
Building an Operational Enterprise Architecture and Service Oriented Architecture Best Practices Presented by: Ajay Budhraja Copyright 2006 Ajay Budhraja,

Building an Operational Enterprise Architecture and Service Oriented Architecture Best Practices Presented by: Ajay Budhraja Copyright 2006 Ajay Budhraja,
The Open Group: An Introduction Interoperable Informatics Infrastructure Consortium May 6th, 2003 Your Name Title Mobile +1 415 999 9999 GSM +44 7771 999999.

The Open Group: An Introduction Interoperable Informatics Infrastructure Consortium May 6th, 2003 Your Name Title Mobile GSM
Collaboration Oriented Architecture COA Position Paper An Overview Adrian Seccombe Board of Management, Jericho Forum ® CISO & Snr Enterprise Information.

Collaboration Oriented Architecture COA Position Paper An Overview Adrian Seccombe Board of Management, Jericho Forum ® CISO & Snr Enterprise Information.
Open Workshop on e-Infrastructures, Helsinki October 4 – 5, 2006 Roadmap Parallel Session on last chapter of e-IRG Roadmap: Crossing the Boundaries of.

Open Workshop on e-Infrastructures, Helsinki October 4 – 5, 2006 Roadmap Parallel Session on last chapter of e-IRG Roadmap: Crossing the Boundaries of.
Generic AAA model in Grids IRTF - AAAARCH meeting IETF 52 – Dec 14 th Salt Lake City Leon Gommans Advanced Internet Research Group.

Generic AAA model in Grids IRTF - AAAARCH meeting IETF 52 – Dec 14 th Salt Lake City Leon Gommans Advanced Internet Research Group.
Insight Consulting Siemens Identity Management Survey Conducted April – June 2007 Info

Insight Consulting Siemens Identity Management Survey Conducted April – June 2007 Info
This paper states that one of the major problem to the adoption of cloud computing is that of security.  Existing cloud computing problem or concerns.

This paper states that one of the major problem to the adoption of cloud computing is that of security.  Existing cloud computing problem or concerns.
Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Single-Sign On and Federated Identity.

Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Single-Sign On and Federated Identity.
Cloud Usability Framework

Cloud Usability Framework
Esri UC2013. Technical Workshop. Technical Workshop 2013 Esri International User Conference July 8–12, 2013 | San Diego, California Building Secure Applications.

Esri UC2013. Technical Workshop. Technical Workshop 2013 Esri International User Conference July 8–12, 2013 | San Diego, California Building Secure Applications.
Standards for Shared ICT Jeju, 13 – 16 May 2013 Gale Lightfoot Senior Staff Program Manager, Office of the CTO, SPB Cisco ATIS Cybersecurity Standards.

Standards for Shared ICT Jeju, 13 – 16 May 2013 Gale Lightfoot Senior Staff Program Manager, Office of the CTO, SPB Cisco ATIS Cybersecurity Standards.
Oracle Confidential – Internal/Restricted/Highly RestrictedCopyright © 2014, Oracle and/or its affiliates. All rights reserved. | Oracle Identity Management.

Oracle Confidential – Internal/Restricted/Highly RestrictedCopyright © 2014, Oracle and/or its affiliates. All rights reserved. | Oracle Identity Management.
CIS 2200 Kannan Mohan Department of CIS Zicklin School of Business, Baruch College.

CIS 2200 Kannan Mohan Department of CIS Zicklin School of Business, Baruch College.
MIGRATING INTO A CLOUD P. Sai Kiran. 2 Cloud Computing Definition “It is a techno-business disruptive model of using distributed large-scale data centers.

MIGRATING INTO A CLOUD P. Sai Kiran. 2 Cloud Computing Definition “It is a techno-business disruptive model of using distributed large-scale data centers.
Chapter 20 20-1 © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Similar presentations

Ads by Google