Skip to main content

Paris 2016: Proceedings - Security Forum

Security Forum Members' Meeting

Objective of Meeting

Attendance of the Security Forum by its representatives had limited participation at the Paris meeting. The meeting agenda focused on the following items:

  • Introduction of a new revision of the O-ISM3 standard for consideration
  • Discussion of the status of the Academic Program
  • Refresh of the Open FAIR standard and product reintroduction
  • Status of the following Initiatives:
    • Open FAIR Process Guide
    • Open FAIR to STIX Mapping White Paper
    • "Risk" Compare and Contrast White Paper
  • Strategy discussion on the Security Architecture Practitioner’s Project

Summary

The latest revision of O-ISM3 was presented to the Forum. It included an overview of the standard as well as the modifications made to this version of the standard. A recording of the review was made and will be made available for viewing by the rest of the Forum.

A review was done on the current status of the development of an Academic Program. An interim plan is being executed that supports specific Security Forum agenda items. Two interns are planned: one supporting the Open FAIR Process Guide, and a second to support the development of an Open Source Open FAIR risk analysis tool. A longer-term program is also being developed to support Forums in general.

The Security Architecture Practitioner’s Project presented their revised strategy on the production of a series of practitioner guides on security and architecture. A new (rethought) outline was presented on the first document in the series on “What is Security Architecture”.  This document will act as the architecture document for the rest of the series. This series of guides is intended to act as a body of knowledge for a possible certification strategy. The SABSA Institute would like to contribute a significant amount of their IPR to this initial document and asked if they could have shared IPR and the ability to redistribute the document. The Open Group initial take on this is that the arrangement meets the needs of both organizations.

Next Steps

The O-ISM3 standard will be submitted for review and comment by the Security Forum. An announcement will be made by November 7, 2016.