Securing Vendor Relationships: The Crucial Role of Third-Party Audit

Guest submission by: Nazy Fouladirad, President and COO of Tevora, a global leading cybersecurity consultancy.

Many modern companies grow their operations by working with remote teams and cloud-based systems. However, as cybersecurity threats grow and data protection laws become stricter, data security, in particular where third-party entities handle the data, is of the utmost importance.

Third-party audits verify vendor practices align with security and regulatory requirements to protect sensitive information. As businesses navigate their digital transformations, these audits strengthen vendor relationships while ensuring data integrity for everyone.

Toward a Standardized Security Reference Architecture for SMBs and Small Governments

By John Linford, Security Portfolio Forum Director, The Open Group & Michelle Horrobin, Digital Portfolio Director, The Open Group

As has become evident in recent years and even months, modern organizations offer new products which are increasingly dependent on digital components, and which need to be secure to avoid falling victim to increasingly sophisticated and frequent cyber attacks. On top of having internal, organizational reasons for improving their security posture, these organizations must also keep up with increasing scrutiny and compliance requirements from governments and regulatory agencies, as well as from customers and partners. Consequently, a successful cyber attack might not only leave an organization unable to operate, but might also result in media backlash, fines, and judgments against the organization for breaches and violations.

Improving Return on Security Investment: Threat Modeling and The Open Group Open FAIR™ Risk Analysis as a KPI for Agile Projects

The first three posts of this series have made plain the need to supplement ongoing threat modeling activities with quantitative risk analysis, such as the process described in The Open Group Open FAIR™ Body of Knowledge. They briefly discussed a way to incorporate Open FAIR Risk Analysis into the threat modeling process and illustrated how the results would improve return on security investment by deliberately selecting cost-effective combinations of controls. But questions remain:

Improving Return on Security Investment: Estimating the Impact of Mitigations

By Simone Curzi, Principal Consultant, Microsoft; John Linford, Security Portfolio Forum Director, The Open Group; Dan Riley, Vice President & Distinguished Engineer Data Science, Kyndryl; Ken St. Cyr, Sr. Cybersecurity Architect, Microsoft

Understanding the risks present in the system you are developing is important, but it is even more important to determine mitigation actions. Activities like threat modeling can help with identifying your options, but they are usually too numerous and too expensive. What should you really do? And would the residual risk be acceptable afterwards?

Improving Return on Security Investment: Threat Modeling & Open FAIR™ Risk Analysis

For most, Security is a cost. Therefore, it is important to get just the right amount of it, and no more. But how do you decide when you have enough Security, and what do you do to get it? That’s an entirely different matter. This is the first post of a series on how to Improve the Return on your Security Investment with Threat Modeling and Open FAIR.

Is Your Business Prepared for a Cybersecurity Reality Check?

By Joseph Carson, Chief Security Scientist & Advisory CISO at Delinea.

Knowing how to navigate the growing risks of cyberattacks is crucial for businesses regardless of their industry. In reality, many companies fall short in their cybersecurity ap

The Open Group Summit – Event Highlights Delivering a Sustainable and Secure Tomorrow – Houston, Texas – October 30 – November 2, 2023

By Ash Patel, Marketing Specialist, The Open Group

The recent Summit of The Open Group in Houston brought together a variety of subject matter experts, keynote speakers, Forum Members, Work Groups, and Consortia to engage in an active dialogue involving the following tracks: Enterprise Architecture (EA) for Sustainability, Cybersecurity and Zero Trust, Open Industry Standards, and The Digital Enterprise.


Sitting Down with John Linford – Security & OTTF Forum Director, The Open Group

By Ash Patel, Marketing Specialist. Recently we reached out to John Linford, Security & OTTF Forum Director, for The Open Group, to discuss his role, industry advice, updates within his Forum and lots more. Thank you again to John for his time and for giving us an expansive look into his Forum at large. Please see the full interview below:

Sitting Down with Joanne Woytek – Elected Customer Representative to The Open Group Governing Board

By Ash Patel – Marketing Specialist, The Open Group

Recently we reached out to Joanne Woytek (Program Director for the NASA SEWP Program), to discuss her role as a Governing Customer Member Representative for The Open Group Governing Board.

The Open Group Event Highlights – July 25-27, 2022 – Washington DC

In late July, The Open Group hosted an event bringing together speakers and practitioners from around the world to meet in Washington, DC at the historic Mayflower Hotel and discuss some of today’s most vital topics in the area of security and resiliency.

With a focus on Zero Trust Architecture and Supply Chain Security, leaders from businesses including Microsoft, IBM, Micro Focus, and ServiceNow joined experts from public sector organizations like NIST and NASA, together with representatives from The Open Group itself, to explore how open standards are driving important developments and actionable insights in these important and developing topics.

The Open FAIR™ Body of Knowledge: Gaining Awareness and Adoption Internationally

By Jim Hietala, VP of Security and Business Development, The Open Group and John Linford, Forum Director, Security and Open Trusted Technology Forums, The Open Group.

Open FAIR has seen rapid and extensive adoption in the US, where it has become the de facto standard for quantifying cybersecurity risk. We at The Open Group are encouraged that Open FAIR awareness and adoption are also increasing globally, and we have also seen increased usage outside of the traditional IT risk quantification area. Some interesting recent developments in Open FAIR use and adoption outside of the US, and outside of the IT area, include:

The Open Group and the Executive Order on Improving the Nation’s Cybersecurity

On May 12, 2021, President Joe Biden issued the Executive Order on Improving the Nation’s Cybersecurity. This EO enumerates that “…the prevention, detection, assessment, and remediation of cyber incidents is a top priority and essential to national and economic security.” The EO contains a significant level of detail regarding areas of improvement for federal IT systems, as well as policy responses to be implemented by the government in support of greater security for private and public IT systems. The EO mentions in some detail the shift to zero trust security as a part of what is needed to combat cyber threats, as well as increased reliance on enhanced supply chain security.

Solorigate: A case study for why supply chain security is critical for governments and businesses

By Jim Hietala (VP, BD and Security), Andras Szakal (VP and CTO), John Linford (Security and OTTF Forum Director) – The Open Group

In potentially the most damaging cyber-supply chain attack ever, a leading IT systems management vendor became the latest hi-tech company to suffer a major cybersecurity breach with wide-reaching consequences. The malware that caused the attack has been dubbed SUNBURST by Microsoft and code-named Solorigate by FireEye, the security consulting firm that uncovered the breach after falling victim to it late last year.

After successfully infiltrating the development environment, attackers were able to observe and learn how to subvert the vendor’s development and operations pipeline. Hackers were then able to maliciously taint the vendor’s product by planting a sophisticated trojan. Once the software, which required broad systems access, was installed in customers’ environments, the attackers were able to leverage the tainted software to exfiltrate sensitive information from within an organization’s network.

Updates to the Open FAIR™ Body of Knowledge, Part 3

The Open Group Security Forum is thrilled to announce the publication of an update to the Open FAIR™ Body of Knowledge (BoK). The Open FAIR BoK comprises The Open Group Risk Taxonomy (O-RT) Standard and The Open Group Risk Analysis (O-RA) Standard. The Open Group initiated a standards effort regarding FAIR ~10 years ago, and these standards define the official, open, vendor-neutral and consensus-developed definition of FAIR.

This blog post is the third of three in a series to describe updates to the Open FAIR™ Body of Knowledge. It will describe specific updates to O-RT to bring it to Version 3.0. The first post described revisions made to both O-RA and O-RT for consistency between the documents; the second post described specific updates to O-RA to bring it to Version 2.0.

Updates to the Open FAIR™ Body of Knowledge, Part 2

The Open Group Security Forum is thrilled to announce the publication of an update to the Open FAIR™ Body of Knowledge (BoK). The Open FAIR BoK comprises The Open Group Risk Taxonomy (O-RT) Standard and The Open Group Risk Analysis (O-RA) Standard. The Open Group initiated a standards effort regarding FAIR ~10 years ago, and these standards define the official, open, vendor-neutral and consensus-developed definition of FAIR.

Updates to the Open FAIR™ Body of Knowledge, Part 1

The Open Group Security Forum is thrilled to announce the publication of an update to the Open FAIR™ Body of Knowledge (BoK). The Open FAIR BoK comprises The Open Group Risk Taxonomy (O-RT) Standard and The Open Group Risk Analysis (O-RA) Standard. The Open Group initiated a standards effort regarding FAIR ~10 years ago, and these standards define the official, open, vendor-neutral and consensus-developed definition of FAIR.

Schneider Electric and Aramco to Collaborate on O-PAS™ Automation Test Bed

Schneider Electric, the leader in digital transformation of energy management and automation, and Aramco, the world’s pre-eminent integrated energy and chemicals company that drives global commerce and enhances the daily lives of people around the globe, today announced they have signed a memorandum of understanding to collaborate on assessing emerging technologies based on The Open Group Open Process Automation™ Standard (O-PAS). Testing will take place at a new built-for-purpose test bed in the Saudi Schneider Electric Innovation and Research Center in Dhahran Techno Valley, Saudi Arabia.

The Open Group at “Experience IT NM”

On November 4 and 5, 2020, the New Mexico Technology Council is hosting its virtual event entitled Experience IT NM. The New Mexico Technology Council is a member-driven association of businesses, organizations, and tech professionals working together to promote the growth and success of New Mexico’s technology business sectors. Its members include a diverse mix of New Mexico companies, cities, universities, and colleges.

The Open Group ‘Digital-First’ Virtual July Event – Highlights Blog

As an organization that is known for its world-class events and prides itself on bringing people together globally, this week The Open Group hosted its second virtual event following the success of the first ever #ogVIRTUAL in April.

It was fantastic to have over 2,100 attendees from 107 countries come together virtually to explore the topic of ‘Digital First’. Sessions and workshops were hosted by a plethora of industry experts and centered on the security, trust, and architectural issues which need to be considered when becoming a “Digital-First” organization.

The Open Group to Hold “Digital-First” Event Virtually July 20-23, 2020

The Open Group, the vendor-neutral technology standards consortium, is hosting its upcoming “Digital-First” event virtually on July 20 – 23, 2020. The Open Group Digital-First July 2020 will bring together vendors and end-user organizations from across the globe to explore how they can make the radical, fundamental change towards becoming a digital enterprise – a topic that has never been more pertinent as business and technology leaders face the challenge of surviving and thriving in the ‘new normal’.
