• A Standard, quantitative, information risk framework and taxonomy with supporting resources to enable business by managing and reducing technology-related risks.
• A certification program for quantitative risk analysts
• The intersection of enterprise architecture, security architecture, and risk
• Security assurance for business technology operations
• Clear guidelines to secure the technology environment in an era of increased business agility and competitiveness
• Zero Trust Security Architectures to enable Digital Transformation
• A framework for managing information security and for managing information in the wider context (O-ISM3)
The Security Forum produces general purpose intellectual property: reusable theory, principles, best practices, methods, white papers, guides, and standards to help suppliers and users of technology implement safe, secure, and cost-effective systems.
Security Forum in Action
The Open Group Security Forum regularly presents as part of various conferences and events. Speakers and their presentations at upcoming events are below:
The Open Group - Open Digital Standards Virtual Event
- Monday, July 19, 2021, to Wednesday, July 21, 2021
SIRA April 2021 Webinar: Calculating Reserves for Cyber Risk
- Security Forum Chair Mike Jerbic & Dr. Bob Mark
- Friday, April 30, 2021 at 11:00AM PDT
Security Forum Individual Contributor Spotlight
The Security Forum is nothing without the individuals who develop content, drive progress, and evangelize our publications and activities.
Lead Cybersecurity Architect, Microsoft
Mark Simos is currently a Co-Chair of Zero Trust Architecture Working Group, representing the Security Forum and serving a 1-year term. Mark is passionate about helping modernize, simplify, and better organize the cybersecurity / information security industry using Zero Trust approaches.
As Lead Cybersecurity Architect for Microsoft, Mark leads the development of cybersecurity reference architectures, best practices, reference strategies, prescriptive roadmaps, and other guidance to help customers rapidly secure their organizations in the digital age. Mark focuses on helping organizations meet both their cybersecurity and digital transformation goals by combining lessons learned from cybersecurity incident investigations and Microsoft’s experience operating and protecting hyper-scale cloud services.
Mark has presented at numerous conferences including Black Hat USA, RSA Conference, Gartner Security & Risk Management, Microsoft BlueHat, Microsoft Ignite, and Financial Executives International in addition to The Open Group Events.
The Open Group Security Forum thanks Mark for his advocacy and evangelization of Zero Trust and the Zero Trust Architecture Working Group.
Security Forum Organization Spotlight
Member Organizations of the Security Forum are varied but share a common goal to manage and reduce technology-related risks, secure the technology environment, and raise confidence levels in business technology operations.
HealthGuard was founded in 2001 by Apolonio “Apps” Garcia to change the conversation that small and mid-size hospital systems were having around risk management. Through building quantitative cyber risk management programs hospitals are better able to make the decisions that protect patients, improve compliance, and better allocate financial resources. Now in its second decade of existence, HealthGuard offers a Software as a Service (SaaS), Open FAIR™ -based cyber risk management solution (DecipherRisk) specifically designed for healthcare. DecipherRisk provides hospital decision makers with centralized management, powerful analytics and quantitative risk measurements that traditional processes and analysis methods cannot provide.
HealthGuard also offers HealthGuard University providing specialized risk management training for healthcare IT security teams, risk managers, and executives. As part of this, offers Open FAIR™ Certification as an Accredited Training Course Provider of The Open Group. HealthGuard also offers a Risk Quantification for Executives course, providing business leaders an overview of quantitative risk analysis methods and techniques that will allow them to develop more accurate estimates with limited data.
The Security Forum thanks HealthGuard for their work around quantitative risk analysis and the Open FAIR standard and for helping build and support the global community of cyber risk analysts.
The Open FAIR Certification for People program is aimed at meeting the needs of risk analysts and organizations employing risk analysts. The program is based on the Open FAIR (Factor Analysis of Information Risk), which provides a model and taxonomy for understanding, analyzing, and measuring information risk.
The Open FAIR Certification Program is based on the Open FAIR™ Body of Knowledge, which is comprised of two standards:
- • The Open Group Risk Taxonomy (O-RT) Standard that provides a standard definition and taxonomy for information security risk, as well as information regarding how to use the taxonomy.
- • The Open Group Risk Analysis (O-RA) Standard that provides risk analysts with the specific processes necessary to perform effective Open FAIR risk analysis.
Join the 975+ Open FAIR Certified Individuals!