#4 WSO2 masterclassitalia - ISO27000 compliant grazie a wso2 Identity Server
•
0 gefällt mir•47 views
Il webinar descrive come applicare le norme della ISO 27000 in ambito Identity Management grazie a WSO2 Identity Server. Contattaci scrivendo a wso2.sales@profesia.it per iniziare un percorso di integrazione e trasformazione verso un business agile
Empfohlen
Empfohlen
Weitere ähnliche Inhalte
Ähnlich wie #4 WSO2 masterclassitalia - ISO27000 compliant grazie a wso2 Identity Server
Ähnlich wie #4 WSO2 masterclassitalia - ISO27000 compliant grazie a wso2 Identity Server (20)
Mehr von Profesia Srl, Lynx Group
Mehr von Profesia Srl, Lynx Group (20)
Kürzlich hochgeladen
Kürzlich hochgeladen (20)
#4 WSO2 masterclassitalia - ISO27000 compliant grazie a wso2 Identity Server
- 2. Iscriviti al gruppo Linkedin WSO2 Italia per entrare nella community italiana, conoscere la tecnologia WSO2 e condividere strategie di integrazione e use cases
- 3. ISO/IEC 27000 Sistemi di Gestione per la Sicurezza delle Informazioni (SGSI) ● Requisiti per creare SGSI ● Progettare e mantenere (migliorando) SGSI ● Linee guida negli ambiti di utilizzo di SGSI ● Valutare SGSI
- 6. Why it is important to use ISO 27000-series standard in your Cloud Solution? ● Data breaches - the biggest security risk ● ISO 27001 - A guideline for effective security ● ISO 27001 - can be applied to any organisation
- 7. The ISO 27001 controls that we can achieve through WSO2 Identity Server 6. Organization of Information security 6.1 Information security roles and responsibilities 7. Human resource security 7.1 Internal users consent management 7.2 Manage user responsibilities 9. Access Control 9.2 Responsibilities for assets 9.4 System and application access control 9.4.3 Password management system
- 8. 10. Cryptography 10.1 Cryptographic Controls 10.1.1 Policy on the user of Cryptographic controls 10.1.2 Key Management 12. Logging and Monitoring 12.4.1 Event logging 12.4.2 Protection of log information 12.4.3 Administrator and operator log 18. Compliance with legal requirements 18.1.4 Privacy and protection of personally identifiable information 18.1.3 Protection of records 18.1.5 Regulation of cryptographic control 18.2.1 Compliance with security policies and standards
- 11. Identity Provisioning and Deprovisioning
- 12. Password security Viene salvato Hash delle password Integrazione con sistemi Vault Password history RegEx per password complesse
- 15. Token eyJhbGciOiJIUzI1NiIsInR 5cCI6IkpXVCJ9.eyJzdWIiO iIxMjM0NTY3ODkwIiwibmFt ZSI6IkpvaG4gRG9lIiwiaWF 0IjoxNTE2MjM5MDIyfQ.Sfl KxwRJSMeKKF2QT4fwpMeJf3 6POk6yJV_adQssw5c yzXuf1lOqTRMjthZMsOTFs+naxZTi9Xf+gpa2Kli3c+0+WZvuQLdIiEYd9FJ/WRk WGoCUFFkhxwdXMHTK7oe4yqOgd2zRfCxHC4l6TFhsIEAkZlhihJcalN5rrO5TMTh 2Rz6Mzc4hRiJ2eM1pEVlQSXr4ONdm69rMDApchrQb+ICOT7cjTLnjIhOr1/xRz9B QGQe8VxZ2OOR7GCHlH4nmkr6YahzOx4yA5DjQP9oRDg/OX1ngKYxySx6q8y5Qhbs xGLVLDwXShy1EyRwU+xa6JNXA2WFjH42uQ0YHcr62xbGswjbggiktoPu8DrZtS7z Fd9Ig7smNr39C62ULmyuUJeypp6ObDDxFVJ5Ns7e13pxEbUZIKmhvPwTsMPLHTmB oIi+FIEJQL683btqpMBAcSkczKegF02NEJoE+QzppwHxVEHt0FuXWbBwPqCTPugh Fa8RvG3izweDA5Y5J8WJC8vBcfNhzEEak8FCBeKxcQpWbqG/XHzJNqfbJUU+ImnY 5UhQWI98/w67ArDHSXIczpnuEgcF3863PjHmgoxc1IMsOImN8tdgc3AOH1cvvEO5 zs0yBkcgc7cDT4lF6nJFspUHh/PNd3KJuqWCOaozeFX2TdsB4U0/9eVrJfjccoX/ XmIPwNkW7nOwm9Y1P6TJ2eUkHtWgvwMdNx+ll77vYv5NKU83jxgX0hfxCn3LRePI Xcn7psCJXJ+Hj8pni1KgApjjKV9ugzT86mB29Me9dLcID2dFlF8utfJ8iP7PQYeO ibDgbn16fbQrkhNN2/r3NBiK/A== -----END ENCRYPTED PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIE8DCCAtgCCQD0E3PiI579ZjANBgkqhkiG9w0BAQsFADA5MQswCQYDVQQGEwJp dDELMAkGA1UECAwCdG8xDzANBgNVBAcMBlRvcmlubzEMMAoGA1UECgwDQ1NJMCAX DTIxMDUwNTEyMjgyMVoYDzIxMjEwNDExMTIyODIxWjA5MQswCQYDVQQGEwJpdDEL MAkGA1UECAwCdG8xDzANBgNVBAcMBlRvcmlubzEMMAoGA1UECgwDQ1NJMIICIjAN BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAnBE1oeUpvKRJjeX8BsQUls5G0Lh3 2yYZH9eZwCCLLb+nX0AN2maRavUM0a+pKJwCetfEOrX9YyhYbRqaUGkGEpoJm243 G+omoJ98VRZ4ocuv/c+b2QccLLOtyoBZ7FuPZSfcZIY8DqE2MtGt3XNHtAM1Wgoo Xd4aPuNKuUnHyrUbzclSRwsUUFPtrnJXhMn+5PeUUHPivlDmlYVIyPkAtSbAlgUT tKbiyAeY6xCW/Wpa/oyIG1k0578WSbdlfNDA/Mz5Diu2PN9NCLP0N2A5cjWksqUO ytdPXGhmdG1MZExld07PI4Ev+DsRVCjwaJH7kmnijl9xbRd3s8MYsGchLFYYhHTI eIJc0YJA3d/DPFMjK8rlbNl+ZTNMd1r2uqkj9tPpojP8XXAc1MzR5+/OZJpCCBQj
- 16. Logging # Appender config to CARBON_LOGFILE appender.CARBON_LOGFILE.type = RollingFile appender.CARBON_LOGFILE.name = CARBON_LOGFILE appender.CARBON_LOGFILE.fileName = ${sys:carbon.home}/repository/logs/wso2carbon.log appender.CARBON_LOGFILE.filePattern = ${sys:carbon.home}/repository/logs/wso2carbon-%d{MM-dd-yyyy}.log appender.CARBON_LOGFILE.layout.type = PatternLayout appender.CARBON_LOGFILE.layout.pattern = TID: [%tenantId] [%appName] [%d] [%X{Correlation-ID}] %5p {%c} - %mm%ex%n appender.CARBON_LOGFILE.policies.type = Policies appender.CARBON_LOGFILE.policies.time.type = TimeBasedTriggeringPolicy appender.CARBON_LOGFILE.policies.time.interval = 1 appender.CARBON_LOGFILE.policies.time.modulate = true appender.CARBON_LOGFILE.strategy.type = DefaultRolloverStrategy appender.CARBON_LOGFILE.strategy.max = 20 appender.CARBON_LOGFILE.filter.threshold.type = ThresholdFilter appender.CARBON_LOGFILE.filter.threshold.level = DEBUG
- 17. Observability
- 19. Q&A?
- 21. Contatti DOVE SIAMO Milano - Torino - Padova - Roma TELEFONO Torino +39-011-0120371 EMAIL wso2.sales@profesia.it @