 |
Standard Security - X/Open Security |
|
Standard Security - X/Open Security |
X/Open Security is The Open Group's name for the collection of Security Product Standards, practical guides, and other services, aimed at setting new superior levels of practical security for business.
X/Open Security represents the first internationally agreed-upon set of Security Product Standards that have been specifically designed by and for over 150 of the world's largest commercial customers, It is a design criteria that X/Open Security cariies significant and real benefits for both customers and suppliers.
Supported by the world's leading suppliers of information technology, X/Open Security is only available on systems that carry the X/Open Brand. The X/Open Brand indicates that the supplier guarantees that its product fully conforms to the published X/Open Security Standards.
X/Open Security Product Standards are designed to be implemented on systems based on any leading operating system, including UNIX®, PC operating systems such as NT® and OS/2®, and mainframe operating systems, thus providing consistency across the corporate computing environment.
The initial X/Open Security Standards address the concerns and priorities of private and public users of open systems who need assurance that such systems are capable of providing a reasonable level of protection against the sorts of disruptive events which commonly occur in the world of business and public administration, such as accidents, errors, unauthorised use and amateur but malicious tinkering.
It is not intended, to provide a guaranteed solution for applications involving highly-classified information in military or other governmental environments, or in situations where attacks are concerted and malicious and take advantage of obscure and little-known design flaws using innovative techniques that are one step ahead of protection mechanisms.
In making use of X/Open Security, it should be noted that technology is only a part of the totality required for good commercial security in practice. A corporate security policy should be defined and implemented, which covers physical, procedural and technical issues associated with security. For instance, informed security practices are most important - eg., those covered by the British Standard BS7799. In addition, no amount of technology can completely protect against such practices as improper administration, or the installation of certain types of flawed applications.
By using X/Open Security Standards, the customer is fully aware of what he is procuring through the branded product description on brand certificates, and via Conformance Statement Questionnaires, which are completed by branding vendors. Both of these pieces of information are publicly available, whereas in certain evaluation schemes, information like this is unknown.
Consequently, X/Open Security is actively supported by over 150 of the world's largest multinational commercial enterprises. They have worked together, and with the world's leading vendors, to define standards that deliver real and practical value; combining benefits of an overall improvement in practical security, together with cost-benefits as a result of their usage.
Return to Security Introductory page
