Security: Difference between revisions

From OPeNDAP Documentation
⧼opendap2-jumptonavigation⧽
Line 20: Line 20:
=== Resources ===
=== Resources ===


[http://www.information-security-policies-and-standards.com/ information-security-policies-and-standards.com]
* [http://www.information-security-policies-and-standards.com/ information-security-policies-and-standards.com]
[http://www.cert.org/ cert.org]
* [http://www.cert.org/ cert.org]
* [http://17799.denialinfo.com/whatisiso17799.htm ISO 17799] ISO 17799 (and its sister standard, whose number escapes me) are the 'big daddies' of security policies. They are certainly overkill for us, but [http://17799.denialinfo.com/chapter8.htm chapter 8] and [http://17799.denialinfo.com/chapter13.htm chapter 13] might have some interesting ideas. It would be a good idea to not contradict this standard, at the least.


--[[User:jimg|James Gallagher]] 11:20 3 May 2007 (MDT)
--[[User:jimg|James Gallagher]] 11:20 3 May 2007 (MDT)

Revision as of 23:34, 4 May 2007

Authentication Working Group

Motivation

We want to develop a policy that helps both OPeNDAP and the people who run our software to be confident that using the software does not substantially increase the level of risk of a computer/network security problem. We know that risk is inherent in using computer networks, but it can be managed and reduced by avoiding certain behaviors. The policy we develop here should address those behaviors. As we do this, we can hopefully increase awareness about computer security in the OPeNDAP community to the point where more services become available for users.

Statement of Work

  1. Evaluate existing Computer and Network security policies
  2. Distill from those elements which apply to OPeNDAP and its community of users
  3. Determine if we need to address both Servers and Clients in separate policies or not, or if we only need to address Server security
  4. Make recommendations to OPeNDAP regarding its Interim policy
  5. Develop a Community policy if that's appropriate
  6. Move on from policy to procedures, it that seems appropriate

Members

  1. James Gallagher
  2. Jerry Pan
  3. Chris Lynnes

Resources

--James Gallagher 11:20 3 May 2007 (MDT)