Jason Ming Sun ICT Academic Systems University of South Africa Government CIO Summit Towards reducing costs of doing business in government.


1 Jason Ming Sun, ICT Academic Systems, University of South Africa, jmingsun@unisa.ac.za. Government CIO Summit: Towards reducing costs of doing business in government and contributing towards achieving clean audit. Date: 29 May 2013

2 Commission 2: FOSS Security

3 Commission 2

4 FOSS @ Unisa

5 Community Source: www.sakaiproject.org

6 Sakai is…

7 Sakai Community Model: Adopt (pilot, production); Contribute (code, resources); Share (practices, processes, tools and technology); Support (community, commercial)

8 Sakai Community Model

9 Sakai Software Suite: CLE

10 Sakai Software Suite: OAE

11 Sakai Foundation: “The Sakai Foundation has a [more] defined leadership structure in order to ensure that the Foundation's mission to support the community and software is fulfilled. Still, the Board is elected by the members of the community, specifically those institutions that are members of the Sakai Foundation. The Board, in turn, oversees the staffing and financial health of the Foundation. With this structure, the community truly leads the Foundation; the Foundation serves the Sakai community.”

12 Sakai is…

13 Sakai Security Policy: Sakai Foundation’s commitment to Information and Application Security; Security Work Group; Vulnerability Classification; Security Advisory Protocol

14 Sakai Foundation Commitment: “Sakai is an open-source software initiative that promotes knowledge sharing and information transparency. However, when dealing with security vulnerabilities the integrity of existing Sakai installations can be compromised by the premature public disclosure of security threats before the Sakai Community has had time to analyze, develop and distribute countermeasures through private channels to institutions and organizations that have implemented Sakai software. Recognizing this danger, the Sakai Foundation has developed a security policy that seeks to safeguard the security of existing Sakai installations as well as provide full public disclosure of Sakai security vulnerabilities in a timely manner.”

15 Security Work Group: “The Sakai Community has instituted a Security Work Group (WG) composed of senior members of the community to respond to reports of security vulnerabilities and who operate using private channels of communication. Besides working to resolve known security vulnerabilities the Security WG will also operate in a pro-active manner, reviewing existing tools and services from a security perspective; defining Sakai security requirements; devising QA/testing models that identify potential security weaknesses; producing security-related documentation; and helping educate developers on web-related security vulnerabilities.”

16 Of interest… Latest offer by a community member to help educate developers in terms of secure application development: 2 May 2013

17 Vulnerability Classification: Critical Risk – the possible exposure of data to unauthorized viewing, modification, deletion or acquisition as well as … data corruption; Major Risk – attacks that could compromise the availability of Sakai or otherwise degrade system performance; Minor Risk

18 Security Advisory Protocol: (1) Alert Sakai Foundation Partners and designated security contacts with known Sakai implementations

19 Security Advisory Protocol: (1) Alert Sakai Foundation Partners and designated security contacts with known Sakai implementations; (2) Alert the wider Sakai Community

20 Security Advisory Protocol: (1) Alert Sakai Foundation Partners and designated security contacts with known Sakai implementations; (2) Alert the wider Sakai Community; (3) Alert the Public

21 Of interest… Last major vulnerability reported: 15 December 2011

22 General Security Guidelines: download IDE/Compiler/JDK, FOSS Code, FOSS Binaries

23 General Security Guidelines: Download from source: – FOSS Binaries – FOSS Code – Compilers, Integrated Development Environments (IDE), Software Development Kits

24 General Security Guidelines: Verify authenticity of the site:

25 General Security Guidelines: Establish an update schedule for security patches at the operating system, application server and application software levels. Manage change in your ICT environment according to governance frameworks including ITIL and COBIT.

26 Cost factors

27 Cost factors: Financial resources – Optional partnership fees; Human resources; Physical resources

28 Sakai Foundation Partners Program: Sakai partners are paying members of the Sakai Foundation who provide the intellectual, human and financial capital necessary to support both the Foundation and the work of the community. Unisa is a Foundation Partner.

29 Sakai Foundation Membership Fee: Regular membership: USD 10 000 (ZAR 95 000) per year, renewable annually. Discounted membership: USD 5 000 (ZAR 47 250) per year, renewable annually, for institutions with limited enrollments (less than 3000).

30 Sakai Foundation Partners Program: Become a member if you want to: – Participate in foundation governance – Help determine priorities for the community – Collaborate in every phase of the software production process

31 Cost factors: Financial resources; Human resources – Super User (train, support) – System Administrator (configure, implement) – Database Administrator (MySQL/Oracle) – Technical Contributor (develop in Java); Physical resources

32 Unisa’s ICT team: Financial resources; Human resources – Super User/Trainer – Business Analyst – System Administrator/Integrator – Oracle Database Administrator – Java Software Analyst-Developer; Physical resources

33 Cost factors: Financial resources; Human resources; Physical resources – Server hardware or hosting plans (cloud)

34 myUnisa tech architecture: Software load balancer [SSL end-point], Internet, Firewall, Virtualized app server, Database server

35 myUnisa tech architecture: 9 virtualized application servers – Ubuntu Linux Server LTS – Apache Tomcat; 1 virtualized load balancer – Pound; 1 physical database server – Oracle 11g

36 In Summary

37 FOSS Security Success Factors: FOSS Security Active Code Review Community Advisory Protocol Trust the Source Keep abreast with security patches and updates

38 Reference links: https://confluence.sakaiproject.org – search for “security policy”; http://www.sakaiproject.org

39 Thank You

