One week ago

Improving Return on Security Investment: Threat Modeling and The Open Group Open FAIR™ Risk Analysis as a KPI for Agile Projects

The first three posts of this series have laid plain the need to supplement ongoing threat modeling activities with quantitative risk analysis, such as the process described in The Open Group Open FAIR™ Body of Knowledge. They’ve briefly discussed a way to incorporate Open FAIR Risk Analysis in the threat modeling process and illustrated how the results would improve return on security investment by deliberately selecting cost-effective combinations of controls. But questions remain:

21 days ago

Improving Return on Security Investment: Estimating the Impact of Mitigations

By Simone Curzi, Principal Consultant, Microsoft; John Linford, Security Portfolio Forum Director, The Open Group; Dan Riley, Vice President & Distinguished Engineer, Data Science, Kyndryl; Ken St. Cyr, Sr. Cybersecurity Architect, Microsoft

Understanding the risks present in the system you are developing is important, but it is even more important to determine mitigation actions. Activities like threat modeling can help with identifying your options, but they are usually too numerous and too expensive. What should you really do? And would the residual risk be acceptable afterwards?

1 month, 3 days ago

Improving Return on Security Investment: Evaluating the Current Risk

By Simone Curzi, Principal Consultant, Microsoft; John Linford, Security Portfolio Forum Director, The Open Group; Dan Riley, Vice President & Distinguished Engineer, Data Science, Kyndryl; Ken St. Cyr, Sr. Cybersecurity Architect, Microsoft

Threat Modeling and the Open FAIR™ Standard, a standard of The Open Group, can answer some of the most important questions we currently have on Security. With this second blog in the ‘Improving Return on Security Investment’ series, we try to answer one of those key questions: “How much security is enough?”

2 months, 10 days ago

Improving Return on Security Investment: Threat Modeling & Open FAIR

For most, Security is a cost. Therefore, it is important to get just the right amount of it, and no more. But how do you decide when you have enough Security, and what do you do to get it? That’s an entirely different matter. This is the first post of a series on how to Improve the Return on your Security Investment with Threat Modeling and Open FAIR.

8 months, 22 days ago

The Open Group Virtual Event Highlights – EA for Sustainability – July 25 – 27, 2023

By Ash Patel, Marketing Specialist, The Open Group.

The Open Group hosted a virtual event on Enterprise Architecture (EA) for Sustainability July 25 – 27, 2023, assembling leading industry and global subject matter experts. The event looked at Enterprise Architecture (EA) helping organizations identify sustainability goals, along with focusing on the TOGAF® User Group, and The Open Group India Awards for Innovation and Excellence. Here are our key highlights and takeaways from across the three days.

11 months, 5 days ago

The Open Group Launches Learning Paths for IT4IT™, Open FAIR™, and TOGAF® Enterprise Architecture Leader Certification

By Ash Patel, Marketing Specialist, The Open Group

We briefly met up with Andrew Josey, Fellow and VP of Standards & Certification at The Open Group, at The Open Group Summit in London to discuss the latest learning paths aimed at IT practitioners and Enterprise Architects. Thank you to Andrew for his time. Please see the full interview below.

1 year, 9 months ago

The Open FAIR™ Body of Knowledge: Gaining Awareness and Adoption Internationally

By Jim Hietala, VP of Security and Business Development, The Open Group and John Linford, Forum Director, Security and Open Trusted Technology Forums, The Open Group.

Open FAIR has seen rapid and extensive adoption in the US, where it has become the de facto standard for quantifying cybersecurity risk. We at The Open Group are encouraged that Open FAIR awareness and adoption are also increasing globally, and we’ve also seen some increased usage outside of the traditional IT risk quantification area. Some interesting recent developments on increased Open FAIR use and adoption outside of the US, and outside of the IT area, include:

2 years, 8 months ago

The Open Group ‘Open Digital Standards’ Virtual Event July 19 – 21, 2021 – Highlights

Last week, our Open Digital Standards July 2021 event brought together vendors and end-user organizations from across the globe to discuss how the cross-industry development of open standards is helping businesses become digital-first. It was fantastic to have over 1,040 attendees from more than 90 countries gather virtually to discuss this critical roadmap to digital transformation.

2 years, 11 months ago

Enterprise Architecture, Open Standards, and Aircraft Certification

Aircraft safety is of interest to everyone around the world. To address aircraft safety, there are certification processes in place; the two organizations with the greatest involvement are the FAA (Federal Aviation Agency) in the US and the EASA (European Union Aviation Safety Agency) in Europe.

Certification is how the FAA manages risk through safety assurance. It provides the FAA confidence that a proposed product or operation will meet FAA safety expectations to protect the public. Certification affirms that FAA requirements have been met.