8 days ago

No-IT. Really. No. I. T.

The world is waking up to the systemic vulnerabilities of our massive dependence on interdependent large logical (IT) landscapes. These not only lead to inertia — change becomes harder and harder —, but also to a brittleness of our organisations — and …

23 days ago

Humanizing Patch Prioritization

Written by:
Denny Wan, Reasonable Security
James Middleton, Nationwide Insurance
Melissa Melancon, Kyndryl
John Feezell, Kyndryl
John Linford, The Open Group

“Practice what you Preach”

Hindsight is a powerful thing. Cyber defenders often bear the brunt of the blame for “preventable” cyber incidents that are attributed to a failure to apply available patches in a timely manner. For example, Veracode found that 1 in 3 applications (38 percent) still use vulnerable versions of Log4j two years after the vulnerability was disclosed and patches were made available[1]. It is easy to allocate blame for the failure to patch, but it is not the full story.

1 month, 28 days ago

Securing Vendor Relationships: The Crucial Role of Third-Party Audit

Guest submission by: Nazy Fouladirad, President and COO of Tevora, a global leading cybersecurity consultancy.

Many modern companies grow their operations by working with remote teams and cloud-based systems. However, as cybersecurity threats are growing and data protection laws are becoming more strict, data security, in particular with third-party entities, is of utmost importance.

Third-party audits verify vendor practices align with security and regulatory requirements to protect sensitive information. As businesses navigate their digital transformations, these audits strengthen vendor relationships while ensuring data integrity for everyone.

3 months, 4 days ago

Improving Return on Security Investment: Threat Modeling and The Open Group Open FAIR™ Risk Analysis as a KPI for Agile Projects

The first three posts of this series have laid plain the need to supplement ongoing threat modeling activities with quantitative risk analysis, such as the process described in The Open Group Open FAIR™ Body of Knowledge. They’ve briefly discussed a way to incorporate Open FAIR Risk Analysis in the threat modeling process and illustrate how the results would improve return on security investment by deliberately selecting cost-effective combinations of controls. But questions remain:

3 months, 18 days ago

Improving Return on Security Investment: Estimating the Impact of Mitigations

By Simone Curzi, Principal Consultant, Microsoft; John Linford, Security Portfolio Forum Director, The Open Group; Dan Riley, Vice President & Distinguished Engineer Data Science, Kyndryl; Ken St. Cyr, Sr. Cybersecurity Architect, Microsoft

Understanding the risks present in the system you are developing is important, but it is even more important to determine mitigation actions. Activities like threat modeling can help with identifying your options, but they are usually too numerous and too expensive. What should you really do? And would the residual risk be acceptable afterwards?

5 months, 7 days ago

Improving Return on Security Investment: Threat Modeling & Open FAIR

For most, Security is a cost. Therefore, it is important to get just the right amount of it, and no more. But how do you decide when you have enough Security, and what do you do to get it? That’s an entirely different matter. This is the first post of a series on how to Improve the Return on your Security Investment with Threat Modeling and Open FAIR.

10 months, 15 days ago

Announcing Version 1.2 of the Open Trusted Technology Provider™ Standard (O-TTPS)

By John Linford, Forum Director, The Open Group, Security & Open Trusted Technology (OTTF)

The Open Group Open Trusted Technology Forum (OTTF) is pleased to announce the publication of Version 1.2 of the Open Trusted Technology Provider™ Standard (O-TTPS). The movement from Version 1.1.1 to Version 1.2 represents a deliberate review of the O-TTPS to ensure the requirements in it remain up to date and reflect learnings from industry and government.

2 years, 8 months ago

The Open Group Virtual Event Celebrates 25 Years of Open Technology Standards October 25-27, 2021- Highlights

Last week, The Open Group Open Digital Standards October 2021 brought together organizations and speakers from across the world to discuss how the cross-industry development of open standards is helping businesses become digital-first. The global event was hosted in Brazil, China, India, Japan, South Africa, United Kingdom, and the United States. The event commemorated The Open Group 25th anniversary – acknowledging and reminiscing the remarkable achievements in the technology standards arena. Over 2,600 attendees from more than 100 countries gathered virtually to to share in the celebration and learn more about open technology standards.