Security Forum

A trusted, collaborative environment for both the customer and supply sides of industry, government, and academia, who share a common goal of securely and pragmatically enabling business needs within organizational risk threshold and tolerance in light of achievable and cost-effective technical solutions. 
 
Who We Are & What We Do
The Open Group Security Forum provides a vendor-neutral environment where Members, who tend to be security and risk generalist practitioners, can obtain relevant knowledge, exert influence, grow professionally, and network with a world-class community of experts and peers. 
 
Security Forum contributors have the reputation of vigorously but cordially debating hard questions and concepts to establish next-generation risk evaluation and security technology approaches, methods, applications, and best practices. These areas include: 
 
  • A Standard, quantitative, information risk framework and taxonomy with supporting resources to enable business by managing and reducing technology-related risks
  • A certification program for quantitative risk analysts
  • The intersection of enterprise architecture, security architecture, and risk
  • Security assurance for business technology operations
  • Clear guidelines to secure the technology environment in an era of increased business agility and competitiveness
  • Zero Trust Security Architectures to enable Digital Transformation
  • A framework for managing information security and for managing information in the wider context (O-ISM3)

The Security Forum produces general purpose intellectual property: reusable theory, principles, best practices, methods, white papers, guides, and standards to help suppliers and users of technology implement safe, secure, and cost-effective systems. 

 

       

The Open Group Security Forum has published numerous documents over its 20+ years of existence. These documents are grouped below in their own webpages containing links to the documents on The Open Group Library with brief introductions for each grouping.
 
 
For a breakdown of The Open Group document classifications, please read A Handbook for Publications Development. The Open Group Standards Process describes the consensus-decision process for developing publications.

Projects & Activities

Security Forum in Action

The Open Group Security Forum regularly presents as part of various conferences and events. Speakers and their presentations at upcoming events are below:

 

Mike Jerbic & Dr. Bob Mark - "Calculating Reserves for Cyber Risk" - SIRAcon 2021

  • Thursday, Aug. 5, 2021 at 3:45PM EDT

 

 

 

Security Forum Individual Contributor Spotlight

The Security Forum is nothing without the individuals who develop content, drive progress, and evangelize our publications and activities.

 

Dr. Jack Freund

 

Over the course of his career in technology and risk, Dr. Jack Freund has become a leading voice in cyber risk measurement and management. As Head of Cyber Risk Methodology for VisibleRisk (the Moody’s/Team8 JV), Jack has overall responsibility for the systemic development and application of frameworks, algorithms, and quantitative and qualitative methods to measure cyber risk. Previously, Jack was Director, Risk Science at quantitative risk management startup RiskLens and then Director, Cyber Risk for TIAA. Jack has 23 years of experience consulting, building, and leading technology and risk management programs for Fortune 100 organizations. He is also the co-author of “Measuring and Managing Information Risk: A FAIR Approach,” which was inducted into the Cybersecurity Canon in 2016 and is the foundational book on cyber risk quantification (CRQ) using the Open FAIR™ standard.

 

Jack was awarded a Ph.D. in Information Systems after his research in disaster informatics and cyber resilience at Nova Southeastern University. He also holds a Masters in Telecommunication, Project Management, and a BS in CIS. He holds the CISSP, CISA, CISM, CRISC, CGEIT, CDPSE, CIPP, and PMP designations. Jack has been named a Senior Member of the IEEE and ACM, a Fellow of the IAPP and FAIR Institute, and a Distinguished Fellow of the ISSA. He is the 2020 recipient of the (ISC)² Global Achievement Award, 2018 recipient of ISACA’s John W. Lainhart IV Common Body of Knowledge Award, the FAIR Institute’s 2018 FAIR Champion Award, and was presented with Nova Southeastern University's Distinguished Alumni Award.

 

 

The Security Forum thanks Jack for his foundational role in and advocacy for Open FAIR and for his continued efforts to further develop and refine its concepts and components.

 

 

Security Forum Organization Spotlight

Member Organizations of the Security Forum are varied but share a common goal to manage and reduce technology-related risks, secure the technology environment, and raise confidence levels in business technology operations.

 

Mosaic451

 

 

Mosaic451 was founded in 2011 and is a Member of The Open Group Security Forum.

Mosaic451 employs a cutting-edge decision-support capability for itself and its clients, which is focused on cybersecurity and information assurance decision-making functions. They leverage the risk-modeling techniques of Open FAIR to bring the actuarial approach to risk management in disciplines traditionally accustomed to decisions based on fear, uncertainty, and doubt (exacerbated by vendors fanning those flames to sell their products). Mosaic451's decision support team is comprised of analysts certified in Open FAIR with backgrounds in mathematics, economics, data science, and information assurance. The team is led by the winner of the inaugural FAIR Institute FAIR champion award.

 

In addition to its decision-support services, Mosaic451 also provides bespoke cyber operations, analysis, and critical infrastructure defense for high-risk, high-threat, complex and regulated organizations in energy, finance, global distribution, government, healthcare, technology, and transportation. They protect complicated data and distribution systems, including water, hydroelectric, generation capacity, and transportation for tens of millions of Americans across the United States. They protect two of Southern California’s most prestigious healthcare systems; 31 hydro projects on the Columbia river basin alone; airports that serve over 90M passengers a year; and nuclear power plants in multiple states.

 

Mosaic451 has been recognized with several awards including: CRN Managed Services 500 (2018); CRN Triple Crown Top 50 (2017); Ranked 250 in the CRN Tech Elite (2017); one of INC. 500's America's fastest growing companies (2017 and 2018).

 

The Security Forum thanks Mosaic451 for the work done around the Open FAIR standard and for helping build and support the global community of information risk analysts.

The Open FAIR Certification for People program is aimed at meeting the needs of risk analysts and organizations employing risk analysts. The program is based on Open FAIR (Factor Analysis of Information Risk), which provides a model and taxonomy for understanding, analyzing, and measuring information risk.

 

The Open FAIR Certification Program is based on the Open FAIR™ Body of Knowledge, which is comprised of two standards:

Join the 1000+ Open FAIR Certified Individuals!
