The Security Forum has liaisons with other Open Group Forums, and with other external
Links with Other Open Group Forums
- Liaison with Architecture Forum
on the use of patterns for describing architecture. The Security Pattern definitions being
developed for the Guide to Security Patterns will be contributed to the Architecture Forum
for inclusion (by reference or otherwise) in their next revision of TOGAF. Ongoing liaison
is underway to ensure we maintain a consistent approach to the definition of patterns.
- Liaison with Mobile Management Forum (MMF)
on authentication, authorization and accounting in mobile environments. Recent
re-organization into work areas has facilitated joint working on Access Control and
- Liaison with Directory Interoperability Forum (DIF)
to ensure that development of LDAP technical standards does not contravene basic security
requirements. Recent re-organization into work areas has facilitated joint working on
Access Control, Identity Management, and PKI Guidelines & Manageability.
- Messaging Forum
on security aspects of their Secure Messaging Challenge. Recent re-organization into work
areas has facilitated further joint working on Access Control, Identity Management, and
PKI Guidelines & Manageability.
- Real Time and Embedded Systems Forum (RTES)
The Security Forum is working with the RTES Forum to define requirements of a secure real
time operating system.
Links with Other Consortia
Our goal is to support and leverage existing security solutions from
other industry groups, and only develop new solutions when necessary. Where possible, we
therefore adopt and integrate relevant standards work contributed from our member
companies, and from other industry consortia.
Among the working relationships we have developed with other consortia
- OASIS (Organization for the
Advancement of Structured Information Standards)
- KRA (Key Recovery Alliance),
(Internet Engineering Task Force),
- W3C (World Wide Web Consortium),
- ISF (International Security
- ICX (International Commerce Exchange),
- NACHA (North America Clearing House
Association), BITS (Banking Industry Technology Secretariat),
- ICC (Internet Chamber of Commerce),
- OECD (Organization for Economic and
(American Bar Association),
- FIX (Financial Information Exchange),
- OBI (Open Buying on the Internet)
- OTP (Open Transaction Protocol).
- PKI Forum
Liaisons that are currently active or in the process of being set up
include the following:
Internet Engineering Task Force - IETF
The IETF (http://www.ietf.org) is a large open international community of network
designers, operators, vendors, and researchers concerned with the evolution of the
Internet architecture and the smooth operation of the Internet. It is open to any
interested individual at no membership cost. Working groups are organized by topic into
several areas (e.g., routing, transport, security). The Security working group of
the IETF works on some IP layer activities, the TLS layer and intrusion detection.
World Wide Web Consortium - W3C
The W3C (http://www.w3.org) develops interoperable technologies (specifications,
guidelines, software, and tools) to lead the Web to its full potential as a forum for
information, commerce, communication, and collective understanding. We have particular
interest in its standardization work on XML, as a common language for sharing information
The Organization for the Advancement of Structured Information Standards
(http://oasis-open.org/) is a non-profit, international
consortium that creates interoperable industry specifications for e-Business based on
public standards such as XML and SGML, as well as others that are related to structured
information processing, directory and transaction processing.
Center for Internet Security (CIS)
The mission of the CIS (http://www.cisecurity.org) is to help organizations around the
world effectively manage the risks related to information security. CIS provides methods
and tools to improve, measure, monitor, and compare the security status of
Internet-connected systems and appliances, particularly through Internet security
benchmarks that it provides to its members.
The European Electronic Messaging Association (http://www.eema.org/) was formed in 1987,
and has evolved its mission to continue through its members as the leading catalyst for
e-Business in Europe. It has international links with other "messaging
associations" in other continents, and has a wide customer-based membership.
The Information Security Forum (http://www.securityforum.org/ and previously known as the
European Security Forum) is widely recognised as a provider of high quality,
business-driven information security solutions. It is an independent, not-for-profit
association. Its mission is to meet the ever-increasing demand for practical solutions to
the security problems that surround protecting business information. The Forum undertakes
an extensive work program funded from membership fees, and delivers the results of these
programs to all members.
The International Information System Security Certification Consortium
(http://www.isc2.org/) is a global, not-for-profit organization dedicated to providing IT
security information and expertise to governments, corporations, centers of higher
learning, and other IT security-oriented organizations worldwide. Its mission is to
provide a common platform for maintaining a common body of knowledge on information
security, and certifying industry professionals and practitioners as proficient to
recognized levels - Certified Information Systems Security Professional (CISSP), and
System Security Certified Practitioner (SSCP).
For further information please contact Ian Dobson.