Public Sessions
Monday: Dependability in Open Systems
How Enterprise Architecture is Helping NISSAN IT Transformation
Celso Guitoko, Corporate Vice President and CIO, Nissan Motor Co., Ltd.
Tuesday: Security Survey; Cyber-Security; Trusted Technology
Cyber Attack Plenary Keynote:
What You're Up Against: Mobsters, Nation-States, and Blurry Lines
Joseph Menn, Author and Cybersecurity Correspondent for the Financial Times
Security Survey:
The Open Group Security Survey Results
Jim Hietala, The Open Group
TOGAF-SABSA:
Overview of TOGAF® and SABSA Integration White Paper
Dave Hornford, Chair, Architecture Forum
Cyber-Security:
Information Security in the Internet Age
Steve Whitlock, Chief Security Strategist, Boeing
PANEL: Strategies for Data Protection, Trusted Environments, Identity Entitlement & Access Management, Resilience, and Security Intelligence/Management
Moderated by Ann Mezzapelle, HP Strategist, Security Services with: Chirantan “CJ” Desai, Senior VP, Endpoint and Mobility Group, Symantec; Alan Kessler, VP and GM Development, Security Research and Support Enterprise Security Products, HP; and Greg Brown, VP Product Marketing Network Security, McAfee
Trusted Technology:
Andras Szakal, IBM and Chair of The Open Group Trusted Technology Forum (OTTF) presented an update of this area.
Wednesday: Security in the Cloud
Architecting a RESTful Cloud: The Key to Elasticity
Jason Bloomberg, President, ZapThink
Architecting for Information Security in a Cloud Environment
David J. W. Gilmour, Metaplexity Associates, US
Members-Only Sessions
Information Security Management – Using O-ISM3 to Enhance ISO/IEC 27001
This Guide explains how to use the O-ISM3 Standard to optimize security management based on ISO/IEC 27001. It is a follow-on deliverable from publication of the O-ISM3 Standard in February 2011. It is aimed at Business Risk Managers and Information Security Managers who know and use ISO/IEC 27001 as the foundation for their organization’s Information Security Management System (ISMS), but who also see that increasing demands for improved security in the face of continual increases in security exploits and cyber-terrorism require more effective ways to measure the performance of all aspects of their ISMS. They need these measurements to inform them and their business managers on how to cost-effectively target their investment in their ISMS so that it meets their organization's business security goals – both in compliance and in business efficiency.
The draft v6 discussed in this meeting is in Security Forum member review until February 28, leading to submission to Company Review for approval to publish as a Guide.
Identity, Entitlement, & Access Management – Identity Training Pack, and participation in USA National Strategy for Trusted Identities in Cyberspace (NSTIC) initiative
The Jericho Forum Identity Webinar is archived on a recording available here.
The presentation only is available here.
Members in this meeting reviewed the presentation in detail, and the feedback received will be used both to develop the slide deck and to inform development of the Jericho Forum Identity Training Pack.
Also included in this session was an update on progress from the leaders of the USA National Strategy for Trusted Identities in Cyberspace (NSTIC) initiative, which the Jericho Forum and the Security Forum have strong interest in supporting. The NSTIC announcement includes advisories on:
- Funding for Pilot Programs that support the NSTIC initiative; see here for plans to establish an NSTIC Steering Group
- A meeting at RSA USA on Wednesday February 29 from 3-5pm in Room 121 of the Moscone Center in San Francisco giving an NSTIC update featuring White House Cybersecurity Co-ordinator Howard Schmidt and NSTIC National Program Office Manager Jeremy Grant
- A meeting session at the annual NIST-hosted IDtrust Workshop on March 13-14 at the NIST Campus in Gaithersburg, MD; for more information see here
Authorization Roles Managed on RBAC (ARMOR) Standard
The Security Forum Working Group has now completed its development of this standard, which is intended to be taken up in The Open Group Single UNIX Specification when it successfully completes its formal approval through Company Review. In this meeting, the draft ARMOR specification was approved for submission to Company Review.
TOGAF-next – Development Workshop on Integrating Information Security into TOGAF-next
Reviews in the Security Forum Steering Committee with Dave Hornford (Chair, Architecture Forum) on November 29, 2011 and December 14, 2011 provided the basis for Steering Committee members to develop a project proposal to integrate architecting information security into TOGAF, based on Dave Hornford’s presentation. This proposal was taken forward in this workshop, in which the participants developed a TOGAF-next-security outline project plan synchronized to the Architecture Forum’s proposed timeframe for developing TOGAF-next Parts 1, 2, & 3. This outline plan included pulling together an inventory of existing Security Forum and Jericho Forum resource documents from which we can extract relevant material to re-purpose, and thereby do a gap analysis on what new material this project will need to develop. Members also clarified with the Architecture Forum Chair and Open Group Forum Director our understandings on how we should work with the Architecture Forum to deliver and integrate our information security contributions into each of Parts 1, 2, and 3 of this project. Actions were agreed to take this project forward.
Dependency Modelling Standard for Managing Risk in Complex Interdependent Systems
This standard is expected to represent a significant addition to our Risk Management publications. This meeting session reviewed the draft 3 specification, which has undergone significant re-structuring during development from the previous draft 2. Pete Burnap and Richard Byford from our Intradependency project partner led a review through each chapter of draft 3, highlighting the objectives and new specification content, and the areas where the project partners intend to revise existing coverage on metrics and add a reference model example. This work to develop draft 4 is planned for member review starting February 24, with the aim to finalize the draft standard for Company Review starting end-March 2012. Discussion closed with a review identifying all Open Group members who we should target in our development review on drafts 3 and 4, and in the Company Review.
Secure Mobile Architecture (SMA) Standard
In this meeting session, members reviewed draft 1.6 of our SMA Snapshot, with the aim to re-structure its existing content into four main sections – Introduction (1), Requirements (2), Mobility & Interoperability (3), Reference Model (4), plus Appendices for including Use-Case Analysis and Relevant Standards Information. Dependencies on the ISA 100.15 standards work (expected to be available in Q112) and on protocols development work in the TCG (which may need to be taken to the IETF) suggest we may anticipate moving SMA from a Snapshot to a Standard in Q212. Actions were agreed to develop the re-structured draft 1.6 in the next four weeks, for review as draft 1.7.
ArchiMate® and Security – Joint Workshop with the ArchiMate Forum
Information on what ArchiMate is and delivers is available here.
Iver Band and Christophe Feltus gave a presentation on the goals and background to their business architecture objectives for adding roles and responsibilities for security into ArchiMate. Christophe followed with a presentation on his research outcomes on this topic.
Discussion then ensued on how best to approach the ArchiMate requirements for security to meet the needs of the business stakeholders, from which a next-steps plan was agreed.