
San Francisco 2016: Proceedings - Security Forum

Security Forum Members' Meeting

Objective of Meeting

The Security Forum conducted a two-day face-to-face session to discuss and plan the current set of activities within the Forum.

Summary

TOGAF® Security Project (TSP)

It was announced that the security guide “Integration of Risk and Security in a TOGAF® Enterprise Architecture” was approved, released, and published in the Open Group Bookstore (available here). A request was made by the SABSA Institute to publish it on their members' website.

A discussion was conducted on the development of the Security Forum’s “Security Practitioner’s Guide” series regarding topics and roadmap. There will be approximately 11 guide subjects; some related to the TOGAF standard, some not. The goal is to complete the basic outline and four documents by January of 2017.

A presentation/discussion was conducted by Thorbjorn Ellefsen on a proposal to use agile methods to develop the Security Forum’s “Security Practitioner's Guide” series. It was decided to run a “proof-of-concept” using a GitHub-like environment to develop a document.

A joint meeting was conducted with the Architecture Forum to give an update on the status of the Security Forum’s contributions to the TOGAF ADM. The end of May is considered the approximate drop-dead date for submission by the Security Forum.

Two New Initiatives

  • Open FAIR to STIX Mapping: The Open FAIR to STIX White Paper project will map concepts, terms, and definitions from Open FAIR to STIX, a threat information expression language standard initially developed by MITRE and now being standardized by OASIS. The charter has been reviewed and approved by the Steering Committee. An overview of STIX was given by Robert Martin (MITRE) to the Forum.
  • Open FAIR Process Guide: The Forum discussed the project and charter. The charter has been approved, and the project has been given the go-ahead by the Security Forum steering committee. Eva Kuiper has created a first draft of the Process Guide using the ISO 27005 – FAIR Cookbook as a template. There was a suggestion from Jim May that we might consider using the case study/example FAIR analysis that Metaplexity developed as a part of the training materials as input to the Process Guide.

Open FAIR

Mike Jerbic conducted a discussion on engaging academia as a method of promoting Open Group standards, like Open FAIR, within the academic community. The primary goal is the development of the next generation of certified Open FAIR practitioners and Open Group members. The focus was on how to outreach and promote Open Group Security Forum standards, such as Open FAIR, to undergraduate and graduate educators, and student engagement with The Open Group through scholarship prize competitions (such as FAIR analyses or other demonstrations of student skills in Open Group Security Forum arenas).

We discussed six potential ideas on how to engage with academia and students. The main areas concentrated on were student recognition, student competitions for small scholarships, student participation in Open Group Security Forum projects as an alternative to member participation in Open Group projects, developing standard teaching tools for educators to use, internship development for students, and discounted student study supplies for university student use. Many of these ideas/areas offer an opportunity to collaborate with the FAIR Institute, and all of them promote and expand the audience for Open FAIR through the academic channel.

On Thursday, the Security Forum conducted an Open FAIR “training-in-a-box” session for students from San Jose State University as part of an initiative to engage the academic community within the Security Forum.

A dinner was held with the newly formed FAIR Institute to determine each other’s role, mission, and how we could cooperate in our shared objective to promote the Open FAIR Standard.

Proposed Interim Meeting

In order to encourage greater participation within the Security Forum, it was recommended that we consider an “interim” meeting between The Open Group member events. This interim meeting is expressly intended to be a Work Group meeting without the additional activities normally associated with the full member events. It should also be in a central location between North America and Europe. The general consensus was that this interim meeting should be held approximately the last week of March or May in Reykjavík, Iceland.

Next Steps

A series of action items were generated and included in the briefing to the Security Forum.

Links