The SANS Institute
Contact Diane Sardi
FOR IMMEDIATE RELEASE
October 25, 2007

Tel: (808) 823-1375
Email: dsardi@sans.org

Tanya Baccam, Chairperson of SANS Cyber Defense Initiative announced today the acceptance and posting of the second of the 2007 initiatives, the introduction to Service Oriented Architecture. This initiative is important because the National Institute of Standards and Technology special publication 800-95 Secure Web Services is one of the best publications they have ever produced. It helps us understand the growth in both numbers and importance of web applications and how vulnerable they are. As they say themselves, "The advance of Web services technologies promises to have far-reaching effects on the Internet and enterprise networks. Web services based on the eXtensible Markup Language (XML), SOAP, and related open standards, and deployed in Service Oriented Architectures (SOA) allow data and applications to interact without human intervention through dynamic and ad hoc connections. Web services technology can be implemented in a wide variety of architectures, can co-exist with other technologies and software design approaches, and can be adopted in an evolutionary manner without requiring major transformations to legacy applications and databases."

SP 800-95 gives solid architectural guidance, it is a break through document, but the content is beyond the reach of most managers. When we read terms like SOA, SOAP, TLS, XML, XACML, UDDI, WSDL our eyes glaze over even though we know this is really important material. SANS wanted to help and produced this introduction as a 2007 Cyber Defense Initiative. There are no prerequisites, some basic IT and IT Security previous knowledge is assumed. All attendees to CDI 2007 will recieve a free copy of all initiatives and this document will be posted for the community to use after the conference.

SANS is the most trusted and by far the largest source for information security training and certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet's early warning system - Internet Storm Center. SANS also sponsored the creation of GIAC, a leading industry security certification. The SANS (SysAdmin, Audit, Network, Security) Institute was established in 1989 as a cooperative research and education organization. Its programs now reach more than 165,000 security professionals around the world. A range of individuals from auditors and network administrators, to chief information security officers are sharing the lessons they learn and are jointly finding solutions to the challenges they face. At the heart of SANS are the many security practitioners in varied global organizations from corporations to universities working together to help the entire information security community.

# # #

If you would like more information about this topic, or to schedule an interview with Tanya Baccam or Stephen Northcutt, or press requests to see the document before its release date, contact Diane Sardi at (808) 823-1375 or send email dsardi@sans.org. URLs of the NIST document and SANS CDI 2007 are shown below:
https://www.sans.org/cdi07/
http://csrc.nist.gov/publications/nistpubs/800-95/SP800-95.pdf