Introduction to the Security Forum - PowerPoint PPT Presentation

About This Presentation
Title:

Introduction to the Security Forum

Description:

X/Open Basic Security Services (XBSS) Common Data Security Architecture (CDSA) ... Classical model in a cartoon. Analyze threats. Analyze vulnerabilities ... – PowerPoint PPT presentation

Slides: 9
Provided by: stevenj71
Learn more at: http://www.opengroup.org

Transcript and Presenter's Notes

Title: Introduction to the Security Forum


1
Introduction to the Security Forum
2
What We Used to Do
  • Security Standards Development
  • X/Open Basic Security Services (XBSS)
  • Common Data Security Architecture (CDSA)
  • With reference implementation
  • Authorization API (AZN API)
  • Work on PKI
  • Architecture (APKI)
  • DCE/PKI Integration

3
Why We Don't Do That Now
  • Security standards development is well addressed
    by some other organizations
  • IETF, OASIS
  • Some high-profile standards did not achieve the
    desired uptake and effect
  • CDSA, AZN
  • There are significant challenges in security that
    are not being addressed anywhere on a systematic
    basis

4
Classical Security Analysis
  • Classical model in a cartoon
  • Analyze threats
  • Analyze vulnerabilities
  • Analyze risks
  • Design and implement countermeasures
  • What's wrong with the classical model?
  • It starts with bad things to prevent
  • It assumes all risk is bad
  • The result often prevents good things

5
Our Model Is Different
  • We believe that security exists to ensure that
    business gets done according to policy
  • Policies are business-driven, for example
  • Comply with the law because you want to stay in
    business
  • Respect your customers because you want to keep
    them
  • Understand your risks and make business decisions
    about which to accept and how

6
Managing Risk
  • Risk is not necessarily a bad thing
  • Every business transaction carries risk
  • Some ways to deal with risk
  • Disclaim it
  • Transfer it by contract
  • Hedge against it
  • Insure against it
  • Accept it
  • Security helps you manage risk by design

7
Active Loss Prevention
  • The Open Group has had an Active Loss Prevention
    Initiative for several years
  • It provides a framework for addressing IT issues
    related to risk and loss in the context of law,
    insurance, and business
  • The ALP Initiative is now integrated into the
    Security Forum
  • A welcome addition because their aims are the
    same as ours

8
Summary
  • Our mission is to bridge the gap between business
    objectives and traditional security technology
  • Clear ways to talk about business security
  • Analytical tools to turn objectives into design
  • Identification of gaps in both understanding and
    technology
  • What are the emerging requirements?
  • Better understanding between buyers and suppliers
    of IT