You are here: The Open Group > The Open Group Conference, San Francisco 2012 > Proceedings

Security and Jericho Forums

Objective of Meeting

The Security Forum and Jericho Forum held joint meeting sessions to address the following agenda items:

Public Sessions

  • Monday: Dependability in Open Systems
  • Tuesday: Security Survey; Cyber-Security; Trusted Technology
  • Wednesday: Security in the Cloud

Members-Only Sessions

  • Information Security Management – using O-ISM3 to enhance ISO/IEC 27001
  • Identity, Entitlement, & Access Management – Identity Training Pack, and participation in USA National Strategy for Trusted Identities in Cyberspace (NSTIC) initiative
  • Authorization Roles Managed on RBAC (ARMOR) standard
  • TOGAF-next – development workshop on integrating information security into TOGAF-next
  • Dependency Modelling standard for managing risk in complex interdependent systems
  • Secure Mobile Architecture (SMA) standard
  • ArchiMate® and Security – joint workshop with the Archimate Forum


Public Sessions

Monday: Dependability in Open Systems

How Enterprise Architecture is Helping NISSAN IT Transformation
Celso Guitoko, Corporate Vice President and CIO, Nissan Motor Co., Ltd.

Tuesday: Security Survey; Cyber-Security; Trusted Technology

Cyber Attack Plenary Keynote:

What You're Up Against: Mobsters, Nation-States, and Blurry Lines
Joseph Menn, Author and Cybersecurity Correspondent for the Financial Times

Security Survey:

The Open Group Security Survey Results
Jim Hietala, The Open Group


Overview of TOGAF® and SABSA Integration White Paper
Dave Hornford, Chair, Architecture Forum


Information Security in the Internet Age
Steve Whitlock, Chief Security Strategist, Boeing

PANEL: Strategies for Data Protection, Trusted Environments, Identity Entitlement & Access Management, Resilience, and Security Intelligence/Management
Moderated by Ann Mezzapelle, HP Strategist, Security Services with: Chirantan “CJ” Desai, Senior VP, Endpoint and Mobility Group, Symantec; Alan Kessler, VP and GM Development, Security Research and Support Enterprise Security Products, HP; and Greg Brown, VP Product Marketing Network Security, McAfee

Trusted Technology:

Andras Szakal, IBM and Chair of The Open Group Trusted Technology Forum (OTTF) presented an update of this area.

Wednesday: Security in the Cloud

Architecting a RESTful Cloud: The Key to Elasticity
Jason Bloomberg, President, ZapThink

Architecting for Information Security in a Cloud Environment
David J. W. Gilmour, Metaplexity Associates, US

Members-Only Sessions

Information Security Management – Using O-ISM3 to Enhance ISO/IEC 27001

This Guide explains how to use the O-ISM3 Standard to optimize security management based on ISO/IEC 27001. It is a follow-on deliverable from publication of the O-ISM3 Standard in February 2011. It is aimed at Business Risk Managers and Information Security Managers who know and use ISO/IEC 27001 as the foundation for their organization’s Information Security Management System (ISMS), but who also see that increasing demands for improved security in the face of continual increases in security exploits and cyber-terrorism require more effective ways to measure the performance of all aspects of their ISMS. They need these measurements to inform them and their business managers on how to cost-effectively target their investment in their ISMS so that it meets their organization's business security goals – both in compliance and in business efficiency.

The draft v6 discussed in this meeting is in Security Forum member review until February 28, leading to submission to Company Review for approval to publish as a Guide.

Identity, Entitlement, & Access Management – Identity Training Pack, and participation in USA National Strategy for Trusted Identities in Cyberspace (NSTIC) initiative

The Jericho Forum Identity Webinar is archived on a recording available here.

The presentation only is available here.

Members in this meeting reviewed the presentation in detail, and the feedback received will be used to develop both the slide deck and inform development of the Jericho Forum Identity Training Pack.

Also included in this session was an update on progress from the leaders of the USA National Strategy for Trusted Identities in Cyberspace (NSTIC) initiative, which the Jericho Forum and the Security Forum have strong interest in supporting. The NSTIC announcement includes advisories on:

  • Funding for Pilot Programs that support the NSTIC initiative; see here for plans to establish an NSTIC Steering Group
  • A meeting at RSA USA on Wednesday February 29 from 3-5pm in Room 121 of the Moscone Center in San Francisco giving an NSTIC update featuring White House Cybersecurity Co-ordinator Howard Schmidt and NSTIC National Program Office Manager Jeremy Grant
  • A meeting session at the annual NIST-hosted IDtrust Workshop on March 13-14 at the NIST Campus in Gaithersburg, MD; for more information see here
Authorization Roles Managed on RBAC (ARMOR) Standard

The Security Forum Working Group has now completed its development of this standard, which is intended to be taken up in The Open Group Single UNIX Specification when it successfully completes its formal approval through Company Review. In this meeting, the draft ARMOR specification was approved for submission to Company Review.

TOGAF-next – Development Workshop on Integrating Information Security into TOGAF-next

Reviews in the Security Forum Steering Committee with Dave Hornford (Chair, Architecture Forum) on November 29, 2011 and December 14, 2011 provided the basis for Steering Committee members to develop a project proposal to integrate architecting information security into TOGAF, based on Dave Hornford’s presentation.
This proposal was taken forward in this workshop, in which the participants developed a TOGAF-next-security outline project plan which synchronized to the Architecture Forum’s proposed timeframe for developing TOGAF-next Parts 1, 2, & 3.  This outline plan included pulling together an inventory of existing Security Forum and Jericho Forum resource documents from which we can extract relevant material to re-purpose, and thereby do a gap analysis on what new material this project will need to develop. Members also clarified with the Architecture Forum Chair and Open Group Forum Director our understandings on how we should work with the Architecture Forum to deliver and integrate our information security contributions into each of Parts 1, 2, and 3 of this project.Actions were agreed to take this project forward.

Dependency Modelling Standard for Managing Risk in Complex Interdependent Systems

This standard is expected to represent a significant addition to our Risk Management publications. This meeting session reviewed the draft 3 specification, which has undergone significant re-structuring during development from the previous draft 2. Pete Burnap and Richard Byford from our Intradependency project partner led a review through each chapter of draft 3, highlighting the objectives and new specification content, and the areas where the project partners intend to revise existing coverage on metrics, and adding a reference model example. This work to develop draft 4 is planned for members review starting February 24, with the aim to finalize the draft standard for Company Review starting end-March 2012.  Discussion closed with a review identifying all Open Group members who we should target in our development review on drafts 3 and 4, and in the Company Review.

Secure Mobile Architecture (SMA) Standard

In this meeting session, members reviewed draft 1.6 of our SMA Snapshot, with the aim to re-structure its existing content into four main sections – Introduction(1), Requirements(2), Mobility & Interoperability(3), Reference Model(4), plus Appendices for including Use-Case Analysis and Relevant Standards Information. Dependencies on the ISA 100.15 standards work (expected to be available in Q112) and on protocols development work in the TCG (which may need to be taken to the IETF) suggest we may anticipate moving SMA from a Snapshot to a Standard in Q212. Actions were agreed to develop the re-structured draft 1.6 in the next four weeks, for review as draft 1.7.

ArchiMate® and Security – Joint Workshop with the Archimate Forum

Information on what ArchiMate is and delivers is available here.

Iver Band and Christophe Feltus gave a presentation on the goals and background to their business architecture objectives for adding roles and responsibilities for security into ArchiMate.

Christophe followed with a presentation on his research outcomes on this topic.

Discussion then ensued on how best to approach the ArchiMate requirements for security to meet the needs of the business stakeholders, from which a next-steps plan was agreed.


All the objectives listed above were successfully achieved.

Next Steps

Follow-up actions were agreed by members participating in the meeting sessions summarized above. These will be progressed from this San Francisco meeting and the next Open Group conference in Cannes, France, April 23-27, 2012.


See above.

   |   Legal Notices & Terms of Use   |   Privacy Statement   |   Top of Page   Return to Top of Page