Houston 2018: Proceedings - Security Forum

Security Forum

Objective of Meeting

The Security Forum met for a half-day session on Tuesday to discuss the status of current projects as well as strategy and objectives over the next 12 months.

Summary

A workshop was conducted on Wednesday comparing and contrasting the Open FAIR™ standard with the Bow-Tie standard.

A presentation was given reviewing the SIPmath standard from Probability Management. A discussion was held to consider its adoption as a standard of The Open Group, its application to other Open Group tools, and its benefits to industry in general.

The next development steps were considered for the Open FAIR Risk Analysis Tool including:

  • Inclusion of the SIPmath Metalogs into the tool
  • User interface enhancements
  • Maintainability and internal documentation
  • Licensing agreements
  • Its part in promoting Open FAIR adoption

The future direction of Open FAIR was discussed as follows:

  • Status of current Open FAIR projects
  • Does the Open FAIR standard need to be updated to reflect advancements in the Open FAIR Risk Analysis spreadsheet tool?
  • Open FAIR and issues regarding promotion and adoption including:
    • Potential extensions to the standard
    • Collaboration with the FAIR Institute
    • Collaboration with Probability Management
    • Rebranding initiative
    • Additional documentation over the next 12 months:
      • Revision of the STIX to Open FAIR mapping White Paper
      • Compare and contrast “Risk” definition

The future direction for the Security Architecture Practitioners Project (SAPP) was discussed. Proposed documentation projects include:

  • Practical Considerations in Security Architectures Decisions:
    • Risk management models
    • Agency
    • Adversarial thinking
    • Trust
    • Privacy
    • Governance
    • Compliance
    • Cultural alignment
    • Identity management (see relevant Jericho Forum material)
  • Open FAIR alignment and integration with the SABSA Security Framework (Guide)
  • Compare and contrast security frameworks; a document to compare and contrast security frameworks and their relationships to one another, especially their application to security architecture
  • Self-protecting data protection/security; how do you document data securely?

A review was also conducted of the Security Forum presentation to the Governing Board.

Outputs

Notes and action items from the internal discussion were captured and will be brought back to the entire Forum at the next steering committee meeting/work group meeting.

Next Steps

Captured in minutes supplied to the members of the Security Forum.

Links

None.
