February 2011 Open Security Architecture Newsletter

Please find a short summary of recent changes on the Open Security Architecture website.

NEW PATTERNS


We have just finalised the DMZ pattern.
http://www.opensecurityarchitecture.org/cms/library/patternlandscape/286-sp-016-dmz-module
This pattern is a standard module that will be reused within the pattern library.

There is a near final draft of the Board of Directors Room pattern.
http://www.opensecurityarchitecture.org/cms/library/patternlandscape/292-draft-pattern-board-room
This pattern gives a solution for secure collaboration on highly sensitive materials such as financial reporting and board minutes.

There is an initial draft of the Industrial Control Systems pattern.
http://www.opensecurityarchitecture.org/cms/library/patternlandscape/293-draft-sp-023-industrial-control-systems
This pattern is a first in this area, and we are really pleased to have been able to collaborate with Industrial Control System experts to ensure that the quality is high for this first draft. If this is an area you have experience in, we'd welcome comments.

A secure audit trails pattern is being started.



Mappings and Icons
You can now download the entire catalog and mappings as a database that can be imported into MySQL or any other DBMS of your choice.
More info here: http://www.opensecurityarchitecture.org/cms/library/0802control-catalogue/266-08-02-controls-catalog-sql-export

The icon packs and templates have been updated to add a couple of new icons and correct an SVG rendering bug under Chrome.
http://www.opensecurityarchitecture.org/cms/library/icon-library
http://www.opensecurityarchitecture.org/cms/library/pattern-template


Outlook
We aim to add a PCI-DSS v2 mapping to the catalog shortly.
Do you have other ideas for the roadmap? Let us know at info at opensecurityarchitecture.org

All work from contributors is always credited to the originator.

We always appreciate feedback on progress, and further improvements you want to see.
If you think OSA could be useful for your contacts please pass on the word.

Best regards
The OSA core team

OSA has more than 1000 members

OSA is visited by more than 10'000 visitors from almost 100 countries each month
We highly appreciate all contributions and donations

Updated icon pack

There is a new icon pack available (11.02) that includes the icons created for the Industrial Control Systems pattern.

  • Programmable Logic Controller (PLC)
  • Drive or motor to represent output
  • Thermometer to represent input

We've also added an iMac icon.

Get the new pack from the icon library. These will also be integrated into the base template.


Update to patterns

Quick update on pattern progress as it has been quiet lately given the core team have been very busy.

  • The DMZ pattern has been promoted from draft
  • The Board of Directors pattern requires a few small updates to bring it into line with the standard template, and then it will be finalised.
  • We are working on an Industrial Process Automation pattern and should have a draft ready for comment in the coming weeks
  • 2 other patterns are pending owners: Secure Network Zone and Consumer Devices

All work is credited back to originators.


Updated Pattern Naming Convention

The pattern naming convention has been changed to [SP-xxx: Name of area Pattern], where SP stands for Security Pattern. For example, SP-019: Secure Adhoc File Exchange Pattern.

This allows all patterns to be uniquely referenced, with version information held within the pattern itself. It also means that the patterns are easier to read through in the library, and we can use the same directory structure when working on them offline.


Uniquely ID a browser via fingerprint

How unique and traceable is your browser? A lot more than you realise. This research project from the EFF looks at various characteristics from your browser strings, and in my case when I checked, uniquely identified me in the 1 million plus tests done so far.... Interesting privacy implications given that some companies on the web are starting to use this to track users uniquely across sites...
