• A Standard, quantitative, information risk framework and taxonomy with supporting resources to enable business by managing and reducing technology-related risks.
• A certification program for quantitative risk analysts
• The intersection of enterprise architecture, security architecture, and risk
• Security assurance for business technology operations
• Clear guidelines to secure the technology environment in an era of increased business agility and competitiveness
• Zero Trust Security Architectures to enable Digital Transformation
• A framework for managing information security and for managing information in the wider context (O-ISM3)
The Security Forum produces general purpose intellectual property: reusable theory, principles, best practices, methods, white papers, guides, and standards to help suppliers and users of technology implement safe, secure, and cost-effective systems.
Security Forum in Action
The Open Group Security Forum regularly presents as part of various conferences and events. Speakers and their presentations at upcoming events are below:
November 2020 Webinar #2 – Society of Information Risk Analysts
- John Linford – “Updates to the Open FAIR™ Standards & Next Steps” – Friday, Nov. 20, 2020, @ 12:00PM MST (2:00 PM EST)
Security Forum Individual Contributor Spotlight
The Security Forum is nothing without the individuals who develop content, drive progress, and evangelize our publications and activities.
Retired – Former Security Forum & Jericho Forum Director
Ian Dobson joined The Open Group in 1991 while it was still known as the X/Open Company, before its merge with the Open Software Foundation in 1996 when it officially became The Open Group. In 2000, Ian became the Forum Director of the Security Forum, and then in 2004, he also became the Forum Director of Jericho Forum (which sunset in 2013) until his retirement.
As Forum Director, Ian acted as a technical project manager tasked with coordinating a diverse team of skilled professionals to deliver consensus value-add open standards, guides, and thought-leading papers. In this role, Ian aided the development and publication of numerous standards, guides, and white papers addressing members’ broad interests on managing risk, identity, access control, data protection, frameworks & architectures, privacy, and “trust ecosystems.”
Ian is now fully retired and enjoys spending time with his family and friends, holiday travel, music, browsing the wide world via the internet, and occasional DIY. He remains interested in following developments on information security and interacting with previous members of the Security and Jericho Forums.
The Open Group Security Forum thanks Ian for his time as Forum Director and the role he played in ensuring its future and success.
Security Forum Organization Spotlight
Member Organizations of the Security Forum are varied but share a common goal to manage and reduce technology-related risks, secure the technology environment, and raise confidence levels in business technology operations.
The Jericho Forum® was founded in 2004 by a group of corporate CISOs (Chief Information Security Officers). The founders of the Jericho Forum sought to address problems associated with the breakdown in effectiveness of network security in protecting resources, something they called de-perimeterization, now a central concept for Zero Trust and Zero Trust Architectures. The initial efforts of the Jericho Forum led to the Jericho® Forum Commandments, which define the design principles that must be observed when architecting systems for secure operation in de-perimeterized environments. These were followed by a second set of identity and authorization principles: The Jericho Forum® Identity Commandments.
The Jericho Forum was formally sunset in 2013, after it was incorporated into The Open Group Security Forum. The Jericho Forum determined its de-perimeterization mission was accomplished and celebrated its success in October 2013 in the UK. The Security Forum now maintains the Jericho Forum’s deliverables and is actively working to ensure its thought-leadership is remembered and utilized to this day.
The Open FAIR Certification for People program is aimed at meeting the needs of risk analysts and organizations employing risk analysts. The program is based on the Open FAIR (Factor Analysis of Information Risk), which provides a model and taxonomy for understanding, analyzing, and measuring information risk.
The Open FAIR Certification Program is based on the Open FAIR™ Body of Knowledge, which is comprised of two standards:
- • The Open Group Risk Taxonomy (O-RT) Standard that provides a standard definition and taxonomy for information security risk, as well as information regarding how to use the taxonomy.
- • The Open Group Risk Analysis (O-RA) Standard that provides risk analysts with the specific processes necessary to perform effective Open FAIR risk analysis.
Join the 830+ Open FAIR Certified Individuals!