Active Loss prevention - IT Security and Risk Management


Active Loss Prevention
A business approach to IT Security and Risk Management
Mike Lambert
Vice President
Mobile +1 650 888 2469
GSM +44 7770 451167
Apex Plaza
Forbury Road
Reading, RG1 1AX
Tel +44 118 950 8311
Fax +44 118 950 0110
www.opengroup.org

Agenda
• The Open Group
• Security in The Open Group
• Active Loss Prevention

The Open Group is . . .

A global consortium committed to delivering greater business efficiency by bringing together buyers and suppliers of information technology to lower the time, cost and risk associated with integrating new technology across the enterprise.

17 July 2015
(C) The Open Group 2003

Statistics
• 200 Member Organizations
• 6000 Participants
• 17 Countries

Customers
• Banks, Financial Services, Lawyers
• Government Departments and Agencies
• Manufacturers, Retail

Suppliers
• Systems Vendors
• Middleware and Applications
• Integrators
• Architects

Problems from …

Need to integrate and optimize processes

[Diagram: Operational Processes (Customer Support, Selling, Manufacturing, Legal, Finance, Assembling, Design, Procuring) and Systems (Online, ERP, Requirements, Procurement) shown across the External “Out” Space, Internal Space and External “In” Space.]

Actually Want This…

[Diagram: Processes (Customer Support, Manufacturing, Legal, Finance, Assembling, Design, Procuring) and Systems (Online, ERP, Requirements, Procurement) shown across the External “Out” Space, Internal Space and External “In” Space.]

But Have This

[Diagram: Processes (Customer Support, Manufacturing, Legal, Finance, Assembling, Design, Procuring) and Systems (Online, ERP, Requirements, Procurement) shown across the Ext. “Out” Space, Internal Space and External “In” Space.]

Vision

Boundaryless Information Flow™ achieved through global interoperability in a secure, reliable and timely manner.

Mission

To drive the creation of Boundaryless Information Flow™ by:
• Working with customers to capture, understand and address current and emerging requirements, establish policies and share best practices;
• Working with suppliers, consortia and standards bodies to develop consensus and facilitate interoperability, to evolve and integrate open specifications and open source technologies;
• Offering a comprehensive set of services to enhance the operational efficiency of consortia; and
• Developing and operating the industry's premier certification service and encouraging procurement of certified products.

Boundaryless Information Flow™ Technical Taxonomy

[Diagram labels: Qualities (Security, Mobility, Performance, Manageability); Application Platform; Information Consumer Applications; Development Tools; Brokering Applications; Management Utilities; Information Provider Applications.]

Current Security Activities in The Open Group
• Active Loss Prevention
• Risk Vocabulary
• Business Context
• Identity Management
• PKI Guidelines & Management
• Secure Mobile Architecture
• ML Security For Real-time
• Security Guides For Managers
• Security Design Patterns
• Access Control
• Trust Services
• Secure Messaging

The Goal

To reduce the incidence and impact of loss that occurs as a result of unauthorized activity in information systems within and between organizations

The Driver

Participation in eCommerce is an imperative for many enterprises

Known Rewards
• Increased Revenue
• Customer Relations
• Reduced Costs

Unknown Risks

The Approach
• Business oriented approach to understand risks and integrate into overall risk management
• Technically oriented activities to provide necessary levels of trust

Customer Requirements

Vocabulary of risk terms
• A set of terms that can be used to accurately communicate risk information

Actuarial Data
• Enable the insurance industry to assess risk, cost, frequency of events, severity etc

Liability
• Examples: Standard contract terms, model law, model regulation, standard terms of business etc

Trust Services
• Technical services that will be needed to deliver the requirements of other groups

The Fire Department Model

Prevent fires from starting
• Approved architecture
• Certified materials and building methods
• Regular inspection

Prevent fires from spreading
• Heat/smoke detectors
• Fire fighting equipment
• Trained fire-fighters

Limit potential loss when they do start and spread
• Fire breaks
• Fireproof safes
• Insurance

How does this apply to IT security

Prevent fires from starting
• Approved architecture
• Certified components and integration methods
• Real-time establishment of trust

Prevent fires from spreading
• Application/system instrumentation to allow early detection of abnormal behavior
• Real-time sharing of system/application status
• Trained fire-fighters

Limit potential loss when they do start and spread
• Firewalls
• Backups
• Insurance

Active Project Areas
• Vocabulary of Risk Terms - accurately communicate risk information between the various professions involved in managing a business.
• Liability - determine standards and best practices for standard contract terms, model law, model regulation, negotiation terms, standard terms of business etc.
• Actuarial Data - define the data that the insurance industry will need to gather in order to build actuarial data, assigning frequency, severity and normalizing the data across industries.
• Trust Services - specify technical support needed for business best practices

Some quotes

“Trust is essential to business - security just gets in the way”

“Trust … but verify”
Ronald Reagan

“It is good to trust … it is better not to”
Sholom Bryski