How implementation of cybersecurity practices affects the architectural design of HIS

How the implementation of cybersecurity practices affects the architectural design of…

Congratulations to the Winners of The Open Group India Awards 2024

On July 31, 2024, The Open Group India Awards for Innovation & Excellence 2024, recognizing outstanding achievements in the adoption of Open Standards and Open Source software, took place in the vibrant city of New Delhi as part of The Open Group July Conference, themed “NextGen Digital for the Techade”, held from 29 to 31 July.

No-IT. Really. No. I. T.

The world is waking up to the systemic vulnerabilities of our massive dependence on interdependent large logical (IT) landscapes. These not only lead to inertia (change becomes harder and harder), but also to a brittleness of our organisations — and …

Humanizing Patch Prioritization

Written by:
Denny Wan, Reasonable Security
James Middleton, Nationwide Insurance
Melissa Melancon, Kyndryl
John Feezell, Kyndryl
John Linford, The Open Group

“Practice what you Preach”

Hindsight is a powerful thing. Cyber defenders often bear the brunt of the blame for “preventable” cyber incidents that are attributed to a failure to apply available patches in a timely manner. For example, Veracode found that 1 in 3 applications (38 percent) still use vulnerable versions of Log4j two years after the vulnerability was disclosed and patches were made available[1]. It is easy to allocate blame for the failure to patch, but it is not the full story.

Securing Vendor Relationships: The Crucial Role of Third-Party Audit

Guest submission by: Nazy Fouladirad, President and COO of Tevora, a global leading cybersecurity consultancy.

Many modern companies grow their operations by working with remote teams and cloud-based systems. However, as cybersecurity threats grow and data protection laws become stricter, data security, particularly with third-party entities, is of utmost importance.

Third-party audits verify that vendor practices align with security and regulatory requirements to protect sensitive information. As businesses navigate their digital transformations, these audits strengthen vendor relationships while ensuring data integrity for everyone.

Improving Return on Security Investment: Threat Modeling and The Open Group Open FAIR™ Risk Analysis as a KPI for Agile Projects

The first three posts of this series have made plain the need to supplement ongoing threat modeling activities with quantitative risk analysis, such as the process described in The Open Group Open FAIR™ Body of Knowledge. They’ve briefly discussed a way to incorporate Open FAIR Risk Analysis in the threat modeling process and illustrated how the results would improve return on security investment by deliberately selecting cost-effective combinations of controls. But questions remain:

Improving Return on Security Investment: Estimating the Impact of Mitigations

By Simone Curzi, Principal Consultant, Microsoft; John Linford, Security Portfolio Forum Director, The Open Group; Dan Riley, Vice President & Distinguished Engineer Data Science, Kyndryl; Ken St. Cyr, Sr. Cybersecurity Architect, Microsoft

Understanding the risks present in the system you are developing is important, but it is even more important to determine mitigation actions. Activities like threat modeling can help with identifying your options, but the options are usually too numerous and too expensive. What should you really do? And would the residual risk be acceptable afterwards?