Cybersecurity – Page 2

Improving Return on Security Investment: Threat Modeling and The Open Group Open FAIR™ Risk Analysis as a KPI for Agile Projects

April 16, 2024 by Open Group

The first three posts of this series have laid plain the need to supplement ongoing threat modeling activities with quantitative risk analysis, such as the process described in The Open Group Open FAIR™ Body of Knowledge. They’ve briefly discussed a way to incorporate Open FAIR Risk Analysis in the threat modeling process and illustrate how the results would improve return on security investment by deliberately selecting cost-effective combinations of controls. But questions remain:

Improving Return on Security Investment: Estimating the Impact of Mitigations

April 2, 2024 by Open Group

By Simone Curzi, Principal Consultant, Microsoft; John Linford, Security Portfolio Forum Director, The Open Group; Dan Riley, Vice President & Distinguished Engineer Data Science, Kyndryl; Ken St. Cyr, Sr. Cybersecurity Architect, Microsoft

Understanding the risks present in the system you are developing is important, but it is even more important to determine mitigation actions. Activities like threat modeling can help with identifying your options, but they are usually too numerous and too expensive. What should you really do? And would the residual risk be acceptable afterwards?

Improving Return on Security Investment: Threat Modeling & Open FAIR

February 13, 2024 by Open Group

For most, Security is a cost. Therefore, it is important to get just the right amount of it, and no more. But how do you decide when you have enough Security, and what do you do to get it? That’s an entirely different matter. This is the first post of a series on how to Improve the Return on your Security Investment with Threat Modeling and Open FAIR.

Is Your Business Prepared for a Cybersecurity Reality Check?

February 1, 2024 by Open Group

By Joseph Carson, Chief Security Scientist & Advisory CISO at Delinea.

Knowing how to navigate the growing risks of cyberattacks is crucial for businesses regardless of their industry. In reality, many companies fall short in their cybersecurity ap

Applying EA Frameworks to Enhance Cybersecurity

November 28, 2023 by EAPJ Editor

How can organisations effectively apply Enterprise Architecture frameworks to enhance…

Announcing Version 1.2 of the Open Trusted Technology Provider™ Standard (O-TTPS)

September 5, 2023 by Open Group

By John Linford, Forum Director, The Open Group, Security & Open Trusted Technology (OTTF)

The Open Group Open Trusted Technology Forum (OTTF) is pleased to announce the publication of Version 1.2 of the Open Trusted Technology Provider™ Standard (O-TTPS). The movement from Version 1.1.1 to Version 1.2 represents a deliberate review of the O-TTPS to ensure the requirements in it remain up to date and reflect learnings from industry and government.

Sitting Down with Joanne Woytek- Elected Customer Representative to The Open Group Governing Board

September 1, 2022 by Open Group

By Ash Patel – Marketing Specialist, The Open Group

Recently we reached out to Joanne Woytek (Program Director for the NASA SEWP Program), to discuss her role as a Governing Customer Member Representative for The Open Group Governing Board.

Don’t Wait for Scammers – Inoculate Your People First

December 11, 2021 by Doug Newdick

At the time of writing we are heading into Christmas, we’ve just started the traffic light system, we are getting our vaccine passports, and there are new variants of Covid spreading. Spammers and scammers take advantage of events like these (and the confusion and anxiety that comes with them) to rip us off. So do […]

The Open Group Virtual Event Celebrates 25 Years of Open Technology Standards October 25-27, 2021- Highlights

November 3, 2021 by Open Group

Last week, The Open Group Open Digital Standards October 2021 brought together organizations and speakers from across the world to discuss how the cross-industry development of open standards is helping businesses become digital-first. The global event was hosted in Brazil, China, India, Japan, South Africa, United Kingdom, and the United States. The event commemorated The Open Group 25th anniversary – acknowledging and reminiscing the remarkable achievements in the technology standards arena. Over 2,600 attendees from more than 100 countries gathered virtually to to share in the celebration and learn more about open technology standards.

The Open Group and the Executive Order on Improving the Nation’s Cybersecurity

June 15, 2021 by Open Group

On May 12, 2021, President Joe Biden issued the Executive Order on Improving the Nation’s Cybersecurity. This EO enumerates that “…the prevention, detection, assessment, and remediation of cyber incidents is a top priority and essential to national and economic security.” The EO contains a significant level of detail regarding areas of improvement for federal IT systems, as well as policy responses to be implemented by the government in support of greater security for private and public IT systems. The EO mentions in some detail the shift to zero trust security as a part of what is needed to combat cyber threats, as well as increased reliance on enhanced supply chain security.

The Open Group Zero Trust Initiative and The President’s Executive Order on Improving the Nation’s Cybersecurity

June 11, 2021 by Open Group

Nikhil Kumar, ZTA Working Group Co-Chair & President, Applied Technology Solutions, Inc. Mark Simos, ZTA Working Group Co-Chair & Lead Cybersecurity Architect, Microsoft Altaz Valani,

Solorigate: A case study for why supply chain security is critical for governments and businesses

January 20, 2021 by Open Group

By Jim Hietala (VP, BD and Security), Andras Szakal (VP and CTO), John Linford Security and OTTF Forum Director) – The Open Group

In potentially the most damaging cyber-supply chain attack ever, a leading IT systems management vendor became the latest hi-tech company to suffer a major cybersecurity breach with wide-reaching consequences. The malware that caused the attack has been dubbed SUNBURST by Microsoft and code-named Solorigate by FireEye, the security consulting firm that uncovered the breach after falling victim to it late last year.

After successfully infiltrating the development environment, attackers were able to observe and learn how to subvert the vendor’s development and operations pipeline. Hackers were then able to maliciously taint the vendor’s product by planting a sophisticated trojan. Once the software, which required broad systems access, was installed in customers’ environments, the attackers were able to leverage the tainted software to exfiltrate sensitive information from within an organization’s network.