Category Archives: Uncategorized

TOGAF® 9 Certification Growth

By Andrew Josey, The Open Group, Director of Standards

Number of individuals certified continues to increase over past 12 months – now 37,800

The number of individuals certified in the TOGAF® 9 certification program as of November 21, 2014 is 37,800. This represents over 10,000 new certifications in the past twelve-month period. TOGAF continues to be adopted globally with certified individuals from over 100 different countries.

The certifications for the period ending October 1, 2014 are shown in the figure below:

By Andrew Josey

The top five countries are UK, USA, Netherlands, India and Australia.

Individuals certified by Country – TOP 10 Countries – October 2014

Rank # Individuals Country Percentage
1 5350 UK 14.68%
2 4488 USA 12.32%
3 3056 Netherlands 8.39%
4 2835 India 7.78%
5 2264 Australia 6.21%
6 1641 Canada 4.5%
7 1305 France 3.58%
8 1272 South Africa 3.07%
9 1117 China 3.07%
10 984 Finland 2.7%

 

An interactive map showing detailed information on the number of certifications is available at http://www.togaf.info/togaf-visualmap.html

TOGAF Visual Heat map Oct 1 2014

There are over 50 accredited TOGAF 9 training course providers worldwide. More information on TOGAF 9 Certification, including the directory of Certified People and official accredited training course calendar, can be obtained from The Open Group website at: http://www.opengroup.org/togaf9/cert.

By Andrew JoseyAndrew Josey is Director of Standards within The Open Group. He is currently managing the standards process for The Open Group, and has recently led the standards development projects for TOGAF® 9.1, ArchiMate® 2.0, IEEE Std 1003.1-2008 (POSIX), and the core specifications of the Single UNIX® Specification, Version 4. Previously, he has led the development and operation of many of The Open Group certification development projects, including industry-wide certification programs for the UNIX system, the Linux Standard Base, TOGAF, and IEEE POSIX. He is a member of the IEEE, USENIX, UKUUG, and the Association of Enterprise Architects.

 

 

 

 

 

Leave a comment

Filed under Certifications, Standards, TOGAF, TOGAF®, Uncategorized

The Open Group London 2014: Eight Questions on Retail Architecture

By The Open Group

If there’s any vertical sector that has been experiencing constant and massive transformation in the ages of the Internet and social media, it’s the retail sector. From the ability to buy goods whenever and however you’d like (in store, online and now, through mobile devices) to customers taking to social media to express their opinions about brands and service, retailers have a lot to deal with.

Glue Reply is a UK-based consulting firm that has worked with some of Europe’s largest retailers to help them plan their Enterprise Architectures and deal with the onslaught of constant technological change. Glue Reply Partner Daren Ward and Senior Consultant Richard Veryard sat down recently to answer our questions about how the challenges of building architectures for the retail sector, the difficulties of seasonal business and the need to keep things simple and agile. Ward spoke at The Open Group London 2014 on October 20.

What are some of the biggest challenges facing the retail industry right now?

There are a number of well-documented challenges facing the retail sector. Retailers are facing new competitors, especially from discount chains, as well as online-only retailers such as Amazon. Retailers are also experiencing an increasing fragmentation of spend—for example, grocery customers buying smaller quantities more frequently.

At the same time, the customer expectations are higher, especially across multiple channels. There is an increased intolerance of poor customer service, and people’s expectations of prompt response is increasing rapidly, especially via social media.

There is also an increasing concern regarding cost. Many retailers have huge amounts invested in physical space and human resources. They can’t just keep increasing these costs, they must understand how to become more efficient and create new ways to make use of these resources.

What role is technology playing in those changes, and which technologies are forcing the most change?

New technologies are allowing us to provide shoppers with a personalized customer experience more akin to an old school type service like when the store manager knew my name, my collar size, etc. Combining technologies such as mobile and iBeacons is allowing us to not only reach out to our customers, but to also provide a context and increase relevance.

Some retailers are becoming extremely adept in using social media. The challenge here is to link the social media with the business process, so that the customer service agent can quickly check the relevant stock position and reserve the stock before posting a response on Facebook.

Big data is becoming one of the key technology drivers. Large retailers are able to mobilize large amounts of data, both from their own operations as well as external sources. Some retailers have become highly data-driven enterprises, with the ability to make rapid adjustments to marketing campaigns and physical supply chains. As we gather more data from more devices all plugged into the Internet of Things (IoT), technology can help us make sense of this data and spot trends we didn’t realize existed.

What role can Enterprise Architecture play in helping retailers, and what can retailers gain from taking an architectural approach to their business?

One of the key themes of the digital transformation is the ability to personalize the service, to really better understand our customers and to hold a conversation with them that is meaningful. We believe there are four key foundation blocks to achieving this seamless digital transformation: the ability to change, to integrate, to drive value from data and to understand the customer journey. Core to the ability to change is a business-driven roadmap. It provides all involved with a common language, a common set of goals and a target vision. This roadmap is not a series of hurdles that must be delivered, but rather a direction of travel towards the target allowing us to assess the impact of course corrections as we go and ensure we are still capable of arriving at our destination. This is how we create an agile environment, where tactical changes are still simple course corrections continuing on the right direction of travel.

Glue Reply provides a range of architecture services to our retail clients, from capability led planning to practical development of integration solutions. For example, we produced a five-year roadmap for Sainsbury’s, which allows IT investment to combine longer-term foundation projects with short-term initiatives that can respond rapidly to customer demand.

Are there issues specific to the retail sector that are particularly challenging to deal with in creating an architecture and why?

Retail is a very seasonal business—sometimes this leaves a very small window for business improvements. This also exaggerates the differences in the business and IT lifecycles. The business strategy can change at a pace often driven by external factors, whilst elements of IT have a lifespan of many years. This is why we need a roadmap—to assess the impact of these changes and re-plan and prioritize our activities.

Are there some retailers that you think are doing a good job of handling these technology challenges? Which ones are getting it right?

Our client John Lewis has just been named ‘Omnichannel Retailer of the Year’ at the World Retail Awards 2014. They have a vision, and they can assess the impact of change. We have seen similar success at Sainsbury’s, where initiatives such as brand match are brought to market with real pace and quality.

How can industry standards help to support the retail industry?

Where appropriate, we have used industry standards such as the ARTS (Association for Retail Standards) data model to assist our clients in creating a version that is good enough. But mostly, we use our own business reference models, which we have built up over many years of experience working with a range of different retail businesses.

What can other industries learn from how retailers are incorporating architecture into their operations?

The principle of omnichannel has a lot of relevance for other consumer-facing organizations, but also retail’s focus on loyalty. It’s not about creating a sale stampede, it’s about the brand. Apple is clearly an excellent example—when people queue for hours to be the first to buy the new product, at a price that will only reduce over time. Some retailers are making great use of customer data and profiling. And above, all successful retailers understand three key architectural principles that will drive success in any other sector—keep it simple, drive value and execute well.

What can retailers do to continue to best meet customer expectations into the future?

It’s no longer about the channel, it’s about the conversation. We have worked with the biggest brands in Europe, helping them deliver multichannel solutions that consider the conversation. The retailer that enables this conversation will better understand their customers’ needs and build long-term relationships.

By The Open GroupDaren Ward is a Partner at Reply in the UK. As well as being a practicing Enterprise Architecture, Daren is responsible for the development of the Strategy and Architecture business as well as playing a key role in driving growth of Reply in the UK. He is committed to helping organizations drive genuine business value from IT investments, working with both commercial focused business units and IT professionals.  Daren has helped establish Architecture practices at many organizations. Be it enterprise, solutions, integration or information architecture, he has helped these practices delivery real business value through capability led architecture and business-driven roadmaps.

 

RichardVeryard 2 June 2014Richard Veryard is a Business Architect and author, specializing in capability-led planning, systems thinking and organizational intelligence. Last year, Richard joined Glue Reply as a senior consultant in the retail sector.

 

Leave a comment

Filed under big data, Business Architecture, digital technologies, Enterprise Architecture, Internet of Things, Uncategorized

Global Open Trusted Technology Provider™ Standard

By Sally Long, Forum Director, Open Trusted Technology Forum, The Open Group

A First Line of Defense in Protecting Critical Infrastructure – A Technical Solution that can Help Address a Geo-political Issue

The challenges associated with Cybersecurity and critical infrastructure, which include the security of global supply chains, are enormous. After working almost exclusively on supply chain security issues for the past 5 years, I am still amazed at the number of perspectives that need to be brought to bear on this issue.

Recently I had the opportunity to participate in a virtual panel sponsored by InfoSecurity Magazine entitled: “Protecting Critical Infrastructure: Developing a Framework to Mitigate Cybersecurity Risks and Build Resilience”. The session was recorded and the link can be found at the end of this blog.

The panelists were:

  • Jonathan Pollet, Founder, Executive Director Red Tiger Security
  • Ernie Hayden, Executive Consultant, Securicon LLC
  • Sean Paul McGurk, Global Managing Principal, Critical Infrastructure Protection Cybersecurity, Verizon
  • Sally Long, Director, The Open Group Trusted Technology Forum

One perspective I brought to the discussion was the importance of product integrity and the security of ICT global supply chains as a first line of defense to mitigate vulnerabilities that can lead to maliciously tainted and counterfeit products. This first line of defense must not be ignored when discussing how to prevent damage to critical infrastructure and the horrific consequences that can ensue.

The other perspective I highlighted was that securing global supply chains is both a technical and a global geo-political issue. And that addressing the technical perspective in a vendor-neutral and country-neutral manner can have a positive effect on diminishing the geo-political issues as well.

The technical perspective is driven by the simple fact that most everything has a global supply chain – virtually nothing is built from just one company or in just one country. In order for products to have integrity and their supply chains to be secure all constituents in the chain must follow best practices for security – both in-house and in their supply chains.

The related but separate geo-political perspective, driven by a desire to protect against malicious attackers and a lack of trust of/from nation-states, is pushing many countries to consider approaches that are disconcerting, to put it mildly. This is not just a US issue; every country is concerned about securing their critical infrastructures and their underlying supply chains. Unfortunately we are beginning to see attempts to address these global concerns through local solutions (i.e. country specific and disparate requirements that raise the toll on suppliers and could set up barriers to trade).

The point is that an international technical solution (e.g. a standard and accreditation program for all constituents in global supply chains), which all countries can adopt, helps address the geo-political issues by having a common standard and common conformance requirements, raising all boats on the river toward becoming trusted suppliers.

To illustrate the point, I provided some insight into a technical solution from The Open Group Trusted Technology Provider Forum. The Open Group announced the release of the Open Trusted Technology Provider™ Standard (O-TTPS) – Mitigating Maliciously Tainted and Counterfeit Products. A standard of best practices that addresses product integrity and supply chain security throughout a product’s life cycle (from design through disposal). In February 2014, The Open Group announced the O-TTPS Accreditation Program that enables a technology provider (e.g. integrator, OEM, hardware or software component supplier, or reseller) that conforms to the standard to be accredited – positioning them on the public accreditation registry so they can be identified as an Open Trusted Technology Provider™.

Establishing a global standard and accreditation program like the O-TTPS – a program which helps mitigate the risk of maliciously tainted and counterfeit products from being integrated into critical infrastructure – a program that is already available and is available to any technology provider in any country regardless if they are based in the US, China, Germany, India, Brazil, or in any other country in the world – is most certainly a step in the right direction.

For a varied set of perspectives and opinions from critical infrastructure and supply chain subject matter experts, you can view the recording at the following link. Please note that you may need to log in to the InfoSecurity website for access:

http://view6.workcast.net/?pak=1316915596199100&cpak=9135816490522516

To learn more about the Open Trusted Technology Provider Standard and Accreditation Program, please visit the OTTF site: http://www.opengroup.org/subjectareas/trusted-technology

Sally LongSally Long is the Director of The Open Group Trusted Technology Forum (OTTF). She has managed customer supplier forums and collaborative development projects for over twenty years. She was the release engineering section manager for all multi-vendor collaborative technology development projects at The Open Software Foundation (OSF) in Cambridge Massachusetts. Following the merger of the OSF and X/Open under The Open Group, she served as director for multiple forums in The Open Group. Sally has a Bachelor of Science degree in Electrical Engineering from Northeastern University in Boston, Massachusetts.

Contact:  s.long@opengroup.org; @sallyannlong

Leave a comment

Filed under COTS, Cybersecurity, O-TTF, O-TTPS, OTTF, Security, Standards, supply chain, Supply chain risk, Uncategorized

The Open Group London 2014 – Day Three Highlights

By Loren K. Baynes, Director, Global Marketing Communications, The Open Group

After an evening spent in the wonderful surroundings of the Victoria and Albert Museum, delegates returned to another London landmark building, Westminster Central Hall, for the final day of The Open Group London 2014.

Following on from Tuesday’s schedule, The Open Group event continued with tracks covering topics including Risk Management, TOGAF®, an Open Group standard, Security as well as The Open Group Open Platform 3.0™. To begin the Open Platform 3.0 track, Mark Skilton, Professor of Practice, Information Systems Management, Warwick Business School discussed the real world implications of Open Platform 3.0. To do this he looked at both the theory and practice behind technologies such as Big Data, social media and even gamification and their adoption by companies such as Coca Cola and Hilton.

Mark detailed how such companies are amending their business strategy to take into account these new technologies to drive business benefit. Mark went on to say that Open Platform 3.0 is serving to help “contextualize the moment”, essentially making it easier for individuals or businesses to interact with goods or services. This he concluded is being driven by people’s growing value of time – we want a more seamless experience in our day-to-day lives whether to buy a coffee or to check in to a hotel – and technology is making this possible. The talk provided a fascinating glimpse into the future of convergent technologies and the important role that contextualization is set to play in this.

Following this, Stuart Boardman from KPN Consulting led a session which looked in detail at the capability requirements of Open Platform 3.0. In what was a lively debate, contributors discussed the importance of smart data, semantic consistency, platform hierarchies and sustainability.

The final session of the morning in the Open Platform 3.0 track looked at the topic of open public sector data with Deirdre Lee, Principal at Derilinx and Chris Harding, Director for Interoperability at The Open Group. Discussing a topic that has risen up government agendas recently, Deirdre began by providing a thorough overview of the background to open data in the public sector and the supporting forces behind it. Deirdre provided detail on how various authorities across Europe had provided impetus to the Open Data movement, and what economic impact these initiatives had resulted in. Subsequently, Chris looked at how The Open Group can play a role in the emergence of open data as a subject area.

Following lunch, the tracks were split into two, with Jim Hietala, VP, Security & Healthcare, The Open Group, leading a workshop on the “Voice of the Security Customer”. This specifically looked at the impact of Security Automation on overall Enterprise Security, provoking much discussion among attendees. In the other session, the Open Platform 3.0 Forum focused on the topic of data integration with Ronald Schuldt, Senior Partner, UDEF and Dimitrios Kyritsis, Deputy Director, EPFL, leading a productive debate on the topic.

With The Open Group London 2014 coming to a close, we would like to thank all the speakers for providing such thoughtful content and the 300 attendees for making the event another great success. Also, many thanks go to our sponsors BiZZdesign, Corso, BOC Group, Good e-Learning, AEA and Scape, and media sponsors Van Haren and Computer Weekly,

See you at The Open Group San Diego 2015 February 2 – 5!

Join the conversation – #ogchat

Loren K. BaynesLoren K. Baynes, Director, Global Marketing Communications, joined The Open Group in 2013 and spearheads corporate marketing initiatives, primarily the website, blog and media relations. Loren has over 20 years experience in brand marketing and public relations and, prior to The Open Group, was with The Walt Disney Company for over 10 years. Loren holds a Bachelor of Business Administration from Texas A&M University. She is based in the US.

 

Leave a comment

Filed under Boundaryless Information Flow™, Future Technologies, Internet of Things, Open Platform 3.0, Professional Development, Standards, Uncategorized

The Open Group London 2014 – Day Two Highlights

By Loren K. Baynes, Director, Global Marketing Communications, The Open Group

Despite gusts of 70mph hitting the capital on Day Two of this year’s London event, attendees were not disheartened as October 21 kicked off with an introduction from The Open Group President and CEO Allen Brown. He provided a recap of The Open Group’s achievements over the last quarter including successful events in Bratislava, Slovakia and Kuala Lumpur, Malaysia. Allen also cited some impressive membership figures, with The Open Group now boasting 468 member organizations across 39 countries with the latest member coming from Nigeria.

Dave Lounsbury, VP and CTO at The Open Group then introduced the panel debate of the day on The Open Group Open Platform 3.0™ and Enterprise Architecture, with participants Ron Tolido, SVP and CTO, Applications Continental Europe, Capgemini; Andras Szakal, VP and CTO, IBM U.S. Federal IMT; and TJ Virdi, Senior Enterprise IT Architect, The Boeing Company.

After a discussion around the definition of Open Platform 3.0, the participants debated the potential impact of the Platform on Enterprise Architecture. Tolido noted that there has been an explosion of solutions, typically with a much shorter life cycle. While we’re not going to be able to solve every single problem with Open Platform 3.0, we can work towards that end goal by documenting its requirements and collecting suitable case studies.

Discussions then moved towards the theme of machine-to-machine (M2M) learning, a key part of the Open Platform 3.0 revolution. TJ Virdi cited figures from Gartner that by the year 2017, machines will soon be learning more than processing, an especially interesting notion when it comes to the manufacturing industry according to Szakal. There are three different areas whereby manufacturing is affected by M2M: New business opportunities, business optimization and operational optimization. With the products themselves now effectively becoming platforms and tools for communication, they become intelligent things and attract others in turn.

PanelRon Tolido, Andras Szakal, TJ Virdi, Dave Lounsbury

Henry Franken, CEO at BizzDesign, went on to lead the morning session on the Pitfalls of Strategic Alignment, announcing the results of an expansive survey into the development and implementation of a strategy. Key findings from the survey include:

  • SWOT Analysis and Business Cases are the most often used strategy techniques to support the strategy process – many others, including the Confrontation Matrix as an example, are now rarely used
  • Organizations continue to struggle with the strategy process, and most do not see strategy development and strategy implementation intertwined as a single strategy process
  • 64% indicated that stakeholders had conflicting priorities regarding reaching strategic goals which can make it very difficult for a strategy to gain momentum
  • The majority of respondents believed the main constraint to strategic alignment to be the unknown impact of the strategy on the employees, followed by the majority of the organization not understanding the strategy

The wide-ranging afternoon tracks kicked off with sessions on Risk, Enterprise in the Cloud and Archimate®, an Open Group standard. Key speakers included Ryan Jones at Blackthorn Technologies, Marc Walker at British Telecom, James Osborn, KPMG, Anitha Parameswaran, Unilever and Ryan Betts, VoltDB.

To take another look at the day’s plenary or track sessions, please visit The Open Group on livestream.com.

The day ended in style with an evening reception of Victorian architecture at the Victoria & Albert Museum, along with a private viewing of the newly opened John Constable exhibition.

IMG_3976Victoria & Albert Museum

A special mention must go to Terry Blevins who, after years of hard work and commitment to The Open Group, was made a Fellow at this year’s event. Many congratulations to Terry – and here’s to another successful day tomorrow.

Join the conversation! #ogchat #ogLON

Loren K. BaynesLoren K. Baynes, Director, Global Marketing Communications, joined The Open Group in 2013 and spearheads corporate marketing initiatives, primarily the website, blog and media relations. Loren has over 20 years experience in brand marketing and public relations and, prior to The Open Group, was with The Walt Disney Company for over 10 years. Loren holds a Bachelor of Business Administration from Texas A&M University. She is based in the US.

Leave a comment

Filed under ArchiMate®, Boundaryless Information Flow™, Business Architecture, Cloud, Enterprise Architecture, Enterprise Transformation, Internet of Things, Open Platform 3.0, Professional Development, Uncategorized

The Open Group London 2014 – Day One Highlights

By Loren K. Baynes, Director, Global Marketing Communications, The Open Group

On a crisp October Monday in London yesterday, The Open Group hosted the first day of its event at Central Methodist Hall, Westminster. Almost 200 attendees from 32 countries explored how to “Empower Your Business; Enabling Boundaryless Information Flow™”.

Just across the way from another landmark in the form of Westminster Abbey, the day began with a welcome from Allen Brown, President and CEO of The Open Group, before Magnus Lindkvist, the Swedish trendspotter and futurologist, began his keynote on “Competition and Creation in Globulent Times”.

In a very thought-provoking talk, Magnus pondered on how quickly the world now moves, declaring that we now live in a 47 hour world, where trends can spread quicker than ever before. Magnus argued that this was a result of an R&D process – rip off and duplicate, rather than organic innovation occurring in multiple places.

Magnus went on to consider the history of civilization which he described as “nothing, nothing, a little bit, then everything” as well as providing a comparison of vertical and horizontal growth. Magnus posited that while we are currently seeing a lot of horizontal growth globally (the replication of the same activity), there is very little vertical growth, or what he described as “magic”. Magnus argued that in business we are seeing companies less able to create as they are focusing so heavily on simply competing.

To counter this growth, Magnus told attendees that they should do the following in their day-to-day work:

  • Look for secrets – Whether it be for a certain skill or a piece of expertise that is as yet undiscovered but which could reap significant benefit
  • Experiment – Ensure that there is a place for experimentation within your organization, while practicing it yourself as well
  • Recycle failures – It’s not always the idea that is wrong, but the implementation, which you can try over and over again
  • Be patient and persistent – Give new ideas time and the good ones will eventually succeed

Following this session was the long anticipated launch of The Open Group IT4IT™ Forum, with Christopher Davis from the University of South Florida detailing the genesis of the group before handing over to Georg Bock from HP Software who talked about the Reference Architecture at the heart of the IT4IT Forum.

Hans Van Kesteren, VP & CIO of Global Functions at Shell, then went into detail about how his company has helped to drive the growth of the IT4IT Forum. Starting with an in-depth background to the company’s IT function, Hans described how as a provider of IT on a mass scale, the changing technology landscape has had a significant impact on Shell and the way it manages IT. He described how the introduction of the IT4IT Forum will help his organization and others like it to adapt to the convergence of technologies, allowing for a more dynamic yet structured IT department.

Subsequently Daniel Benton, Global Managing Director of IT Strategy at Accenture, and Georg Bock, Senior Director IT Management Software Portfolio Strategy at HP, provided their vision for the IT4IT Forum before a session where the speakers took questions from the floor. Those individuals heavily involved in the establishment of the IT4IT Forum received particular thanks from attendees for their efforts, as you can see in the accompanying picture.

In its entirety, the various presentations from the IT4IT Forum members provided a compelling vision for the future of the group. Watch this space for further developments now it has been launched.

IT4IT

The Open Group IT4IT™ Forum Founding Members

In the afternoon, the sessions were split into tracks illustrating the breadth of the material that The Open Group covers. On Monday this provided an opportunity for a range of speakers to present to attendees on topics from the architecture of banking to shaping business transformation. Key presenters included Thomas Obitz, Senior Manager, FSO Advisory Performance Improvement, EY, UK and Dr. Daniel Simon, Managing Partner, Scape Consulting, Germany.

The plenary and many of the track presentations are available at livestream.com.

The day concluded with an evening drinks reception within Central Hall Westminster, where attendees had the opportunity to catch up with acquaintances old and new. More to come on day two!

Join the conversation – @theopengroup #ogLON

Loren K. BaynesLoren K. Baynes, Director, Global Marketing Communications, joined The Open Group in 2013 and spearheads corporate marketing initiatives, primarily the website, blog and media relations. Loren has over 20 years experience in brand marketing and public relations and, prior to The Open Group, was with The Walt Disney Company for over 10 years. Loren holds a Bachelor of Business Administration from Texas A&M University. She is based in the US.

Leave a comment

Filed under architecture, Boundaryless Information Flow™, Business Architecture, Conference, Data management, Enterprise Architecture, Enterprise Transformation, Open Platform 3.0, Professional Development, Standards, Uncategorized

Open FAIR Blog Series – Five Reasons You Should Use the Open FAIR Body of Knowledge

By Jim Hietala, VP, Security and Andrew Josey, Director of Standards, The Open Group

This is the second in our blog series introducing the Open FAIR Body of Knowledge.

In this blog, we provide 5 reasons why you should use the Open FAIR Body of Knowledge for Risk Analysis:

1. Emphasis on Risk

Often the emphasis in such analyses is placed on security threats and controls, without due consideration of impact.  For example, we have a firewall protecting all our customer information – but what if the firewall is breached and the customer information stolen or changed? Risk analysis using Open FAIR evaluates both the probability that bad things will happen, and the impact if they do happen. By using the Open FAIR Body of Knowledge, the analyst measures and communicates the risk, which is what management cares about.

2. Logical and Rational Framework

It provides a framework that explains the how and why of risk analysis. It improves consistency in undertaking analyses.

3. Quantitative

It’s easy to measure things without considering the risk context – for example, the systems should be maintained in full patch compliance – but what does that mean in terms of loss frequency or the magnitude of loss? The Open FAIR taxonomy and method provide the basis for meaningful metrics.

4. Flexible

Open FAIR can be used at different levels of abstraction to match the need, the available resources, and available data.

5. Rigorous

There is often a lack of rigor in risk analysis: statements are made such as: “that new application is high risk, we could lose millions …” with no formal rationale to support them. The Open FAIR risk analysis method provides a more rigorous approach that helps to reduce gaps and analyst bias. It improves the ability to defend conclusions and recommendations.

In our next blog, we will look at how the Open FAIR Body of Knowledge can be used with other Open Group standards.

The Open FAIR Body of Knowledge consists of the following Open Group standards:

  • Risk Taxonomy (O-RT), Version 2.0 (C13K, October 2013) defines a taxonomy for the factors that drive information security risk – Factor Analysis of Information Risk (FAIR).
  • Risk Analysis (O-RA) (C13G, October 2013) describes process aspects associated with performing effective risk analysis.

These can be downloaded from The Open Group publications catalog at http://www.opengroup.org/bookstore/catalog.

Our other publications include a Pocket Guide and a Certification Study Guide.

62940-hietalaJim Hietala, CISSP, GSEC, is the Vice President, Security for The Open Group, where he manages all IT Security, Risk Management and Healthcare programs and standards activities. He participates in the SANS Analyst/Expert program and has also published numerous articles on Information Security, Risk Management, and compliance topics in publications including The ISSA Journal, Bank Accounting & Finance, Risk Factor, SC Magazine, and others.

 

andrew-small1Andrew Josey is Director of Standards within The Open Group. He is currently managing the standards process for The Open Group, and has recently led the standards development projects for TOGAF® 9.1, ArchiMate® 2.0, IEEE Std 1003.1-2008 (POSIX), and the core specifications of the Single UNIX® Specification, Version 4. Previously, he has led the development and operation of many of The Open Group certification development projects, including industry-wide certification programs for the UNIX system, the Linux Standard Base, TOGAF, and IEEE POSIX. He is a member of the IEEE, USENIX, UKUUG, and the Association of Enterprise Architects.

Leave a comment

Filed under Data management, digital technologies, Information security, Open FAIR Certification, RISK Management, Security, Uncategorized