-
• A Standard, quantitative, information risk framework and taxonomy with supporting resources to enable business by managing and reducing technology-related risks.
• A certification program for quantitative risk analysts
• The intersection of enterprise architecture, security architecture, and risk
-
• Security assurance for business technology operations
• Clear guidelines to secure the technology environment in an era of increased business agility and competitiveness
-
• Zero Trust Security Architectures to enable Digital Transformation
• A framework for managing information security and for managing information in the wider context (O-ISM3)
The Security Forum produces general purpose intellectual property: reusable theory, principles, best practices, methods, white papers, guides, and standards to help suppliers and users of technology implement safe, secure, and cost-effective systems.
Projects & Activities
Security Forum in Action
The Open Group Security Forum regularly presents as part of various conferences and events. Speakers and their presentations at upcoming events are below:
-
The Open Group - Open Digital Standards Virtual Event
- Monday, January 25, through Wednesday, Jan. 27, 2021
Security Forum Individual Contributor Spotlight
The Security Forum is nothing without the individuals who develop content, drive progress, and evangelize our publications and activities.
Christopher Carlson
President, C T Carlson LLC
Christopher (Chris) Carlson has been an active contributor in The Open Group Security Forum for more than 10 years. His area of focus has centered primarily around risk analysis and risk management, helping develop numerous cookbooks and integration white papers that demonstrate the compatibility of Open FAIR with risk assessment and risk management frameworks and playing a key role in updating the Open FAIR™ Body of Knowledge.
Chris finished his 39-year career at The Boeing Company as an Associate Technical Fellow in May 2016 and founded C T Carlson LLC to provide information security writings and advisory services. Among these writings is his book How to Manage Cybersecurity Risk – A Security Leader’s Roadmap with Open FAIR™, which was published in 2019. Chris is the current project leader of the Open FAIR™ Risk Analysis Example Guide Project. The Open FAIR™ Risk Analysis Example Guide will complement the recently updated Open FAIR™ Body of Knowledge. As project leader, Chris is responsible for managing updates to the document and ensuring the working group remains on track.
Chris has a Master of Science in computer science from Washington State University. He is a Certified Information System Security Professional and is Open FAIR Certified. Chris actively evangelizes the Open FAIR™ Body of Knowledge, having presented many times as part The Open Group Events and other industry events, webinars, etc.
The Open Group Security Forum thanks Chris for his numerous contributions to publications and his role in evangelizing its publications.
Security Forum Organization Spotlight
Member Organizations of the Security Forum are varied but share a common goal to manage and reduce technology-related risks, secure the technology environment, and raise confidence levels in business technology operations.
RiskLens®
RiskLens was founded in 2011 by Jack Jones, one of the foremost authorities in the field of technology and cyber risk management and the creator of FAIR, which eventually became the Open FAIR™ standard of The Open Group. RiskLens is a Member of The Open Group Security Forum and is the leading provider of cyber risk management software that is purpose-built on Open FAIR. The RiskLens software allows organizations to effectively manage their risk by providing a way to quantify cyber risk in financial terms. RiskLens routinely partners with organizations in private enterprise and government, including Members of The Open Group such as IBM, to improve their ability to make cost-effective investment decisions on cybersecurity.
RiskLens is committed to helping educate and evangelize Open FAIR and offers training in Open FAIR as an Accredited Training Course Provider of The Open Group. RiskLens has trained hundreds of individuals who have gone on to achieve their Open FAIR Foundation Certification through The Open Group. Moreover, RiskLens is the Technical Advisor of the FAIR Institute, a non-profit professional organization comprised of over 10,000 members worldwide, that is dedicated to advancing the discipline of measuring and managing information risk, based on the FAIR standard.
The Security Forum thanks RiskLens for the work done around the Open FAIR standard and for helping build and support the global community of information risk analysts.
The Open FAIR Certification for People program is aimed at meeting the needs of risk analysts and organizations employing risk analysts. The program is based on the Open FAIR (Factor Analysis of Information Risk), which provides a model and taxonomy for understanding, analyzing, and measuring information risk.
The Open FAIR Certification Program is based on the Open FAIR™ Body of Knowledge, which is comprised of two standards:
- • The Open Group Risk Taxonomy (O-RT) Standard that provides a standard definition and taxonomy for information security risk, as well as information regarding how to use the taxonomy.
- • The Open Group Risk Analysis (O-RA) Standard that provides risk analysts with the specific processes necessary to perform effective Open FAIR risk analysis.
Join the 830+ Open FAIR Certified Individuals!
Get Involved and Gain Influence in Defining Open Standards and Certifications
Being a member of The Open Group gives organizations early access to the latest information and developments regarding open standards and best practices, and enables them to participate in The Open Group’s highly influential Forums and Work Groups. We provide a collaborative, vendor-neutral environment where member representatives can:
- • Network with a world-class community of peers, experts and industry leaders
- • Have early access to information on industry developments
- • Gain insight for future decisions from both major customers and suppliers of IT
- • Influence outcomes that benefit their organizations
- • Grow professionally, and enhance their credibility in the industry
- • Receive education in best practices