OpenSource Tools Sarah Cortes www.inmantechnologyIT.com Sarah’s blog: SecurityWatch Sarah’s ITtechEx column twitter: SecuritySpy LinkedIn: Sarah Cortes

OpenSource Tools Agenda InmanTechnologyIT Classes of Tools Overview Definition History

InmanTechnologyIT

Classes of Tools

Overview

Definition

History

Sarah Cortes, PMP, CISA Clients: Harvard University Biogen Fidelity Professional Associations: Sarah is a member of the AIM Advisory Board on Data Privacy Laws to the Massachusetts Legislature Practice expertise Complex Application Development/Implementation IT Security/Privacy/Risk Management/Audit Management Data Center Operations Management Disaster Recovery/High Availability Program/Project Management Background SVP in charge of Security, DR, IT Audit, and some Data Center Operations at Putnam Investments As head of DR, ran Putnam's failover during 9/11 when parent Marsh McLennan failed over to our facility from the World Trade Center 99th floor data center Coordinated over 65 audits per year Previously ran major applications development for Trading/Analytics Systems

Clients:

Harvard University

Biogen

Fidelity

Professional Associations:

Sarah is a member of the AIM Advisory Board on Data Privacy Laws to the Massachusetts Legislature

Practice expertise

Complex Application Development/Implementation

IT Security/Privacy/Risk Management/Audit Management

Data Center Operations Management

Disaster Recovery/High Availability

Program/Project Management

Background

SVP in charge of Security, DR, IT Audit, and some Data Center Operations at Putnam Investments

As head of DR, ran Putnam's failover during 9/11 when parent Marsh McLennan failed over to our facility from the World Trade Center 99th floor data center

Coordinated over 65 audits per year

Previously ran major applications development for Trading/Analytics Systems

OpenSource Tools Classes of Tools Messaging - Thunderbird Business Intelligence - OpenOffice Project Management EGroupware OpenBench OpenProj Diagramming - Dia Operating Systems – Linux Security - avg Content Management (CMS)– Joomla! Browser – Mozilla Firefox Reference - Wikipedia

Messaging - Thunderbird

Business Intelligence - OpenOffice

Project Management

EGroupware

OpenBench

OpenProj

Diagramming - Dia

Operating Systems – Linux

Security - avg

Content Management (CMS)– Joomla!

Browser – Mozilla Firefox

Reference - Wikipedia

OpenSource Tools Will They …? Drive you crazy? Waste your precious resources on a marginal investment that will soon be out of date? Serve as evidence to be used against you later?

Drive you crazy?

Waste your precious resources on a marginal investment that will soon be out of date?

Serve as evidence to be used against you later?

OpenSource Tools Could they help….? Save you after you have already gotten into trouble? Attempt, however lamely, to keep you out of trouble Prove that, however obvious the trouble is, it is not your fault

Save you after you have already gotten into trouble?

Attempt, however lamely, to keep you out of trouble

Prove that, however obvious the trouble is, it is not your fault

OpenSource Tools Calling in the Experts

OpenSource Tools Did you know….? Seven out of ten attacks are from…

Seven out of ten attacks are from…

OpenSource Tools You may be wondering… Why would anyone rely on them? Is free software real? Will new tools ever stop coming out, just for a little while?

Why would anyone rely on them?

Is free software real?

Will new tools ever stop coming out, just for a little while?

OpenSource Tools Standards Overview ISO/IEC 27000 - International Organization for Standardization/International Electrotechnical Commission ITIL – Information Technology Infrastructure Library NIST - National Institute of Standards and Technology PMBOK – Project Management Body of Knowledge TOGAF - The Open Group Architecture Framework CMMI for Development - Capability Maturity Model Integration SEI’s CMM (Capability Maturity Model) for SW (US DoD) Software Engineering Institute COBIT - Control Objectives for Information & related Technology Information Systems Audit and Control Association

ISO/IEC 27000 - International Organization for Standardization/International Electrotechnical Commission

ITIL – Information Technology Infrastructure Library

NIST - National Institute of Standards and Technology

PMBOK – Project Management Body of Knowledge

TOGAF - The Open Group Architecture Framework

CMMI for Development - Capability Maturity Model Integration

SEI’s CMM (Capability Maturity Model) for SW

(US DoD) Software Engineering Institute

COBIT - Control Objectives for Information & related Technology

Information Systems Audit and Control Association

OpenSource Tools Definition “ a decentralized form of production in which the underlying programming instructions, or “source code”, for a given piece of software are made freely available. Anyone can look at it, modify it, or improve it, provided they agree to share their modifications under the same terms.…” -The Economist, June 10, 2004

“ a decentralized form of production in which the underlying programming instructions, or “source code”, for a given piece of software are made freely available. Anyone can look at it, modify it, or improve it, provided they agree to share their modifications under the same terms.…”

-The Economist, June 10, 2004

OpenSource Tools Definition Free Redistribution Source Code -The program must include source code Derived Works -The license must allow modifications Integrity of The Author's Source Code No Discrimination Against Persons or Groups No Discrimination Against Fields of Endeavor Distribution of License License Must Not Be Specific to a Product License Must Not Restrict Other Software License Must Be Technology-Neutral -Open Source Initiative

Free Redistribution

Source Code -The program must include source code

Derived Works -The license must allow modifications

Integrity of The Author's Source Code

No Discrimination Against Persons or Groups

No Discrimination Against Fields of Endeavor

Distribution of License

License Must Not Be Specific to a Product

License Must Not Restrict Other Software

License Must Be Technology-Neutral

-Open Source Initiative

OpenSource Tools History 1960 - Arpanet 1969 - Internet 1998 – January- Netscape Navigator 1998 – February- Open Source Initiative (OSI) 1998 – April- 1998 – Open Source Summit 2008 – Proliferation everywhere

1960 - Arpanet

1969 - Internet

1998 – January- Netscape Navigator

1998 – February- Open Source Initiative (OSI)

1998 – April- 1998 – Open Source Summit

2008 – Proliferation everywhere

Sarah Cortes www.inmantechnologyIT.com Clients: Harvard Law Harvard CAIT Biogen Fidelity BeBop Media & Music Practice expertise Complex Application Development/Implementation IT Security/Risk Management/Audit Management Data Center Operations Management Disaster Recovery/High Availability Program/Project Management Background – Sarah Cortes SVP in charge of Security, DR, IT Audit, and some Data Center Operations at Putnam Investments Previously ran major applications development for Trading/Analytics Systems As head of DR, ran Putnam's failover during 9/11 when parent Marsh McLennan failed over to our facility from the World Trade Center 99th floor data center Coordinated over 65 audits per year Certified Information Systems Auditor (CISA) and PMP-certified ( Project Management Program)

Clients:

Harvard Law

Harvard CAIT

Biogen

Fidelity

BeBop Media & Music

Practice expertise

Complex Application Development/Implementation

IT Security/Risk Management/Audit Management

Data Center Operations Management

Disaster Recovery/High Availability

Program/Project Management

Background – Sarah Cortes

SVP in charge of Security, DR, IT Audit, and some Data Center Operations at Putnam Investments

Previously ran major applications development for Trading/Analytics Systems

As head of DR, ran Putnam's failover during 9/11 when parent Marsh McLennan failed over to our facility from the World Trade Center 99th floor data center

Coordinated over 65 audits per year

Certified Information Systems Auditor (CISA) and PMP-certified ( Project Management Program)