2 years, 8 months ago

Solorigate: A case study for why supply chain security is critical for governments and businesses

By Jim Hietala (VP, BD and Security), Andras Szakal (VP and CTO), John Linford (Security and OTTF Forum Director) – The Open Group

In potentially the most damaging cyber-supply chain attack ever, a leading IT systems management vendor became the latest hi-tech company to suffer a major cybersecurity breach with wide-reaching consequences. The malware that caused the attack has been dubbed SUNBURST by Microsoft and code-named Solorigate by FireEye, the security consulting firm that uncovered the breach after falling victim to it late last year.

After successfully infiltrating the development environment, attackers were able to observe and learn how to subvert the vendor’s development and operations pipeline. Hackers were then able to maliciously taint the vendor’s product by planting a sophisticated trojan. Once the software, which required broad systems access, was installed in customers’ environments, the attackers were able to leverage the tainted software to exfiltrate sensitive information from within an organization’s network.

2 years, 9 months ago

Updates to the Open FAIR™ Body of Knowledge, Part 3

The Open Group Security Forum is thrilled to announce the publication of an update to the Open FAIR™ Body of Knowledge (BoK). The Open FAIR BoK is comprised of The Open Group Risk Taxonomy (O-RT) Standard and The Open Group Risk Analysis (O-RA) Standard. The Open Group initiated a standards effort regarding FAIR ~10 years ago, and these standards define the official, open, vendor-neutral and consensus-developed definition of FAIR.

This blog post is the third of three in a series to describe updates to the Open FAIR™ Body of Knowledge. It will describe specific updates to O-RT to bring it to Version 3.0. The first post described revisions made to both O-RA and O-RT for consistency between the documents; the second post described specific updates to O-RA to bring it to Version 2.0.

2 years, 10 months ago

Updates to the Open FAIR™ Body of Knowledge, Part 2

The Open Group Security Forum is thrilled to announce the publication of an update to the Open FAIR™ Body of Knowledge (BoK). The Open FAIR BoK is comprised of The Open Group Risk Taxonomy (O-RT) Standard and The Open Group Risk Analysis (O-RA) Standard. The Open Group initiated a standards effort regarding FAIR ~10 years ago, and these standards define the official, open, vendor-neutral and consensus-developed definition of FAIR.

10 years, 6 months ago

Beyond Big Data

The big bang that started The Open Group Conference in Newport Beach was, appropriately, a presentation related to astronomy. Chris Gerty gave a keynote on Big Data at NASA, where he is Deputy Program Manager of the Open Innovation Program. And that exploration – as is often the case with successful space missions – left us wondering what lies beyond. …

10 years, 9 months ago

#ogChat Summary – 2013 Security Priorities

Totaling 446 tweets, yesterday’s 2013 Security Priorities Tweet Jam (#ogChat) saw a lively discussion on the future of security in 2013 and became our most successful tweet jam to date. In case you missed the conversation, here’s a recap of yesterday’s #ogChat!

11 years, 9 months ago

How to manage requirements within the Enterprise Architecture using the TOGAF® and SABSA® frameworks

By Pascal de Koning, KPN

You want to put your company’s business strategy into action. What’s the best way to accomplish this? This can be done in a structured manner by using an Enterprise Architecture Framework like TOGAF®. TOGAF® offers …

12 years, 6 months ago

PODCAST: Examining the current state of Enterprise Architecture with The Open Group’s Steve Nunn

Listen to our recorded podcast on the current state of EA, or read the transcript. The podcast was recorded by Dana Gardner of Interarbor Solutions at The Open Group Conference, San Diego 2011.