
Vision

Our strategy is in line with the Vision of The Open Group - Boundaryless Information Flow, achieved through global interoperability in a secure, reliable and timely manner.

Security is vital to this vision. It is a "quality" that must be in place throughout the environment.

Mission

Our mission is to support The Open Group's Mission in the areas of information security.

Security is about achieving business objectives within applicable law and policy - managing risk, and not merely preventing bad things from happening.

Security creates protected systems with controlled perimeters. A controlled perimeter is “boundaryless” where (and only where) it needs to be.

Security design is necessarily pervasive. It bridges the gap between business objectives and traditional “security” technology. This involves identifying gaps in both understanding and technology. It requires good understanding between buyers and suppliers of IT solutions, and correct positioning within the Security Life Cycle – Concept, Requirements, H-L Design, L-L Design, Implementation, Integration, Test & Certification, Operation & Maintenance, Obsolescence & Succession.

We aim to leverage the collective strengths of others working in the same areas, by developing collaborative activities with other consortia, so speeding up progress towards optimum open systems solutions and avoiding duplication of effort.

A big part of the problem is just defining exactly what problem we’re trying to solve.

Strategy

To achieve effective boundaryless information flow it is essential that we maintain the security and confidentiality of information. Before distributed networked computing systems became the norm, information security used to be simply described as the 3 A’s – Authentication, Authorization, and Accounting - applied to a bounded (enclosed) system. However, as it evolved into a networked system within a corporate boundary (intranet), and from there to global networking over the Internet as well as other private networks, the requirements have broadened significantly, and now are commonly characterized as embracing Confidentiality, Integrity, Availability, & Audit.

Today's requirement is to make information and applications secure in a Web Services and Grid Computing environment. This gives rise to a much more complex set of business requirements in which the business customer has to decide what levels of security are optimum for specific areas in their overall business operations.

Business today is led by managers who more often than not are trained in business management, not in IT. These managers have to understand enough about IT to make decisions on what computing technologies to buy and what those technologies do (and do not) buy for their business. The aim of our non-technical business guides is to introduce the key concepts and questions a business manager can ask to cut through the technical jargon and understand what to look for and what to expect when they buy. Proper understanding of IT security issues for information flow across networks and domains is crucial to creating the widest business support for boundaryless information flow.

On the technology side, software architects and designers need to be enabled to design their own information security architectures. As the proverb says: 'It's better to teach a man how to fish than to give him fish'. So it is also best to explain to security software architects and designers how to design sound security architectures suited to their own businesses. We are working on a security architectures approach to boundaryless information flow, as well as a security design patterns approach to verify the coherence of security architecture designs.

We also identify and refine requirements for solutions to existing pain-point problems, and support opportunities to match new and emerging technologies to contribute standards solutions to these problems. This is a process involving logging requirements and identifying resources and champions to lead work projects on solutions. An increasing amount of our resources are now expended on verifying that our strategic approach remains valid:

  • analyzing and understanding the complex information security requirements
  • seeking to match requirements to solutions that are available in the marketplace
  • promoting use of new and emerging technologies that offer open systems security solutions, and facilitate integrating them so they interoperate
  • seeking to promote use of solutions based on Standards because these will always ease interoperability and integration problems.

© The Open Group 1995-2015