Tag Archives: certification

Open FAIR Blog Series – Five Reasons You Should Use the Open FAIR Body of Knowledge

By Jim Hietala, VP, Security and Andrew Josey, Director of Standards, The Open Group

This is the second in our blog series introducing the Open FAIR Body of Knowledge.

In this blog, we provide 5 reasons why you should use the Open FAIR Body of Knowledge for Risk Analysis:

1. Emphasis on Risk

Often the emphasis in such analyses is placed on security threats and controls, without due consideration of impact.  For example, we have a firewall protecting all our customer information – but what if the firewall is breached and the customer information stolen or changed? Risk analysis using Open FAIR evaluates both the probability that bad things will happen, and the impact if they do happen. By using the Open FAIR Body of Knowledge, the analyst measures and communicates the risk, which is what management cares about.

2. Logical and Rational Framework

It provides a framework that explains the how and why of risk analysis. It improves consistency in undertaking analyses.

3. Quantitative

It’s easy to measure things without considering the risk context – for example, the systems should be maintained in full patch compliance – but what does that mean in terms of loss frequency or the magnitude of loss? The Open FAIR taxonomy and method provide the basis for meaningful metrics.

4. Flexible

Open FAIR can be used at different levels of abstraction to match the need, the available resources, and available data.

5. Rigorous

There is often a lack of rigor in risk analysis: statements are made such as: “that new application is high risk, we could lose millions …” with no formal rationale to support them. The Open FAIR risk analysis method provides a more rigorous approach that helps to reduce gaps and analyst bias. It improves the ability to defend conclusions and recommendations.

In our next blog, we will look at how the Open FAIR Body of Knowledge can be used with other Open Group standards.

The Open FAIR Body of Knowledge consists of the following Open Group standards:

  • Risk Taxonomy (O-RT), Version 2.0 (C13K, October 2013) defines a taxonomy for the factors that drive information security risk – Factor Analysis of Information Risk (FAIR).
  • Risk Analysis (O-RA) (C13G, October 2013) describes process aspects associated with performing effective risk analysis.

These can be downloaded from The Open Group publications catalog at http://www.opengroup.org/bookstore/catalog.

Our other publications include a Pocket Guide and a Certification Study Guide.

62940-hietalaJim Hietala, CISSP, GSEC, is the Vice President, Security for The Open Group, where he manages all IT Security, Risk Management and Healthcare programs and standards activities. He participates in the SANS Analyst/Expert program and has also published numerous articles on Information Security, Risk Management, and compliance topics in publications including The ISSA Journal, Bank Accounting & Finance, Risk Factor, SC Magazine, and others.

 

andrew-small1Andrew Josey is Director of Standards within The Open Group. He is currently managing the standards process for The Open Group, and has recently led the standards development projects for TOGAF® 9.1, ArchiMate® 2.0, IEEE Std 1003.1-2008 (POSIX), and the core specifications of the Single UNIX® Specification, Version 4. Previously, he has led the development and operation of many of The Open Group certification development projects, including industry-wide certification programs for the UNIX system, the Linux Standard Base, TOGAF, and IEEE POSIX. He is a member of the IEEE, USENIX, UKUUG, and the Association of Enterprise Architects.

Leave a comment

Filed under Data management, digital technologies, Information security, Open FAIR Certification, RISK Management, Security, Uncategorized

Brand Marketing of Standards

By Allen Brown, President and CEO, The Open Group

Today everyone is familiar with the power of brands. Managed well, they can develop strong biases amongst customers for the product or service, resulting in greatly increased revenues and profits. Managed badly, they can destroy a product or an organization.

I was sitting in San Francisco International Airport one day. A very loud couple was looking for somewhere to get coffee. The wife said, “There’s a Peet’s right here.” Angrily the husband replied, “I don’t want Peet’s, I want Starbucks!”

A jewelry retailer in the UK had grown, in six years, from having 150 stores to more than 2,000, with 25,000 staff and annual sales of £1.2 billion. Then at the Institute of Directors conference at the Royal Albert Hall in 1991, he told an audience of 5,000 business leaders the secret of his success. Describing his company’s products, he said: ‘We also do cut-glass sherry decanters complete with six glasses on a silver-plated tray that your butler can serve you drinks on, for £4.95. People say “How can you sell this for such a low price?”  I say, because it’s total crap.’  As if that were not enough, he added that his stores’ earrings were ‘cheaper than a prawn sandwich, but probably wouldn’t last as long’.

It was a joke that he had told before but this time it got into the press. Hordes of people queued at his stores, immediately that word got out, to return everything from earrings to engagement rings. The company was destroyed.

The identity of a brand emerges through communication backed up by a promise to customers. That promise can be a promise of quality or service or innovation or style. Or it can be much less tangible: “people like you buy this product”, for example.

Early in my career, I worked for a company that was in the business of manufacturing and marketing edible oils and fats – margarines, cooking oils and cooking fat.   When first developed, margarine was simply a substitute for the butter that was in short supply in the UK during wartime. But when butter once again became plentiful, the product needed to offer other advantages to the consumer. Research focused on methods to improve the quality of margarine–such as making it easier to spread, more flavorful and more nutritious.

At the time there were many brands all focused on a specific niche which together amounted to something like a 95% market share. Stork Margarine was promoted as a low cost butter substitute for working class households, Blue Band Margarine was positioned slightly up-market, Tomor Margarine for the kosher community, Flora Margarine was marketed as recommended by doctors as being good for the heart and so on. Today, Unilever continues to market these brands, amongst many others, successfully although the positioning may be a little different.

Creating, managing and communicating brands is not inexpensive but the rewards can be significant. There are three critical activities that must be done well. The brand must be protected, policed and promoted.

Protection starts with ensuring that the brand is trademarked but it does not end there. Consistent and correct usage of the brand is essential – without that, a trademark can be challenged and the value of the brand and all that has been invested in it can be lost.

Policing is about identifying and preventing unauthorized or incorrect usage of the mark by others. Unauthorized usage can range from organizations using the brand to market their own products or services, all the way up to counterfeit copies of the branded products. Cellophane is a registered trademark in the UK and other countries, and the property of Innovia Films. However, in many countries “cellophane” has become a generic term, often used informally to refer to a wide variety of plastic film products, even those not made of cellulose,such as plastic wrap, thereby diminishing the value of the brand to its owner. There are several other well-known and valuable marks that have been lost through becoming generic – mostly due to the brand owner not insisting on correct usage.

Promotion begins with identifying the target market, articulating the brand promise and the key purchase factors and benefits. The target market can be consumers or organizations but at the end of the day, people buy products or services or vote for candidates seeking election and it is important to segment and profile the target customers sufficiently and develop key messages for each segment.

Profiling has been around for a long time: the margarine example shows how it was used in the past.   But today consumers, organization buyers and voters have a plethora of messages targeted at them and through a broader than ever variety of media, so it is critical to be as precise as possible. Some of the best examples of profiling, such as soccer moms and NASCAR dads have been popularized as a result of their usage in US presidential election campaigns.

In the mid-1990’s X/Open (now part of The Open Group) started using branding to promote the market adoption of open standards. The members of X/Open had developed a set of specifications aimed at enabling portability of applications between the UNIX® systems of competing vendors, which was called the X/Open Portability Guide, or XPG for short.

The target market was the buyers of UNIX systems. The brand promise was that any product that was supplied by the vendors that carried the X/Open brand conformed to the specification, would always conform and, in the event of any non-conformance being found, the vendor would, at their own cost, rectify the non-conformance for the customer within a prescribed period of time. To this day, there has only ever been one report of non-conformance, an obscure mathematical result, reported by an academic. The vendor concerned quickly rectified the issue, even though it was extremely unlikely that any customer would ever be affected by it.

The trademark license agreement signed by all vendors who used the X/Open brand carried the words “warrant and represent” in support of the brand promise. It was a significant commitment on the part of the vendors as it also carried with it significant risk and potential liability.   For these reasons, the vendors pooled their resources to fund the development of test suite software, so they could better understand the commitment they had entered into. These test suites were developed in stages and, over time, their coverage of the set of specifications grew.

It was only later that products had to be tested and certified before they could carry the X/Open brand.

The trademark was, of course protected, policed and promoted. Procurements that could be identified, which were mostly government procurements, were recorded and totaled in excess of $50bn in a short period of time. Procurements by commerce and industry were more difficult to track, but were clearly significant.

The XPG brand program was enormously successful and has evolved to become the UNIX® brand program and, in spite of challenges from open source software, continues to deliver revenues for the vendors in excess of $30bn per annum.

When new brand programs are contemplated, an early concern of both vendors and customers is the cost. Customers worry that the vendors will pass the cost on to them; vendors worry that they will have to absorb the cost. In the case of XPG and UNIX, both sides looked not at the cost but at the benefits. For customers, even if the vendors had passed on the cost, the savings that could be achieved as a result of portability in a heterogeneous environment were orders of magnitude greater. For vendors, in a competitive environment, the price that they can charge customers, for their products, is dictated by the market, so their ability to pass on the costs of the branding program, directly to the customer, is limited. However, the reality is that the cost of the branding program pales into insignificance when spread over the revenue of related products. For one vendor we estimate the cost to be less than 100th of 1% of related revenue. Combine that with a preference from customers for branded products and everybody wins.

So the big question for vendors is: Do you see certification as a necessary cost to be kept as low as possible or do you see brand marketing of open standards, of which certification is a part, as a means to grow the market and your share of that market?

The big question for customers is: Do you want to negotiate and enforce a warranty with every vendor and in every contract or do you want the industry to do that for you and spread the cost over billions of dollars of procurements?

brown-smallAllen Brown is President and CEO of The Open Group – a global consortium that enables the achievement of business objectives through IT standards.  For over 15 years, Allen has been responsible for driving The Open Group’s strategic plan and day-to-day operations, including extending its reach into new global markets, such as China, the Middle East, South Africa and India. In addition, he was instrumental in the creation of the Association of Enterprise Architects (AEA)., which was formed to increase job opportunities for all of its members and elevate their market value by advancing professional excellence.

 

 

3 Comments

Filed under Brand Marketing, Certifications, Standards, Uncategorized, UNIX

The Open Group Summit Amsterdam – ArchiMate® Day – May 14, 2014

By Andrew Josey, Director of Standards, The Open Group

The Open Group Summit 2014 Amsterdam features an all day track on the ArchiMate® modeling language, followed by an ArchiMate Users Group meeting in the evening. The meeting attendees include the core developers of the ArchiMate language, users and tool developers.

The sessions include tutorials, a panel session on the past, present and future of the language and case studies. The Users Group meeting follows in the evening. The evening session is free and open to all — whether attending the rest of the conference or not — and starts at 6pm with free beer and pizza!

The timetable for ArchiMate Day is as follows:

• Tutorials (09:00 – 10:30), Henry Franken, CEO, BiZZdesign, and Alan Burnett, COO & Consulting Head, Corso

Henry Franken will show how the TOGAF® and ArchiMate® standards can be used to provide an actionable EA capability. Alan Burnett will present on how the ArchiMate language can be extended to support roadmapping, which is a fundamental part of strategic planning and enterprise architecture.

• Panel Discussion (11:00 – 12:30), Moderator: Henry Franken, Chair of The Open Group ArchiMate Forum

The  topic for the Panel Discussion is the ArchiMate Language — Past, Present and Future. The panel is comprised of key developers and users of the ArchiMate® language, including Marc Lankhorst and Henk Jonkers from the ArchiMate Core team, Jan van Gijsen from SNS REAAL, a Dutch financial institution, and Gerben Wierda author of Mastering ArchiMate. The session will include brief updates on current status from the panel members (30 minutes) and a 60-minute panel discussion with questions from the moderator and audience.

• Case Studies (14:00 – 16:00), Geert Van Grootel, Senior Researcher, Department of Economy, Science & Innovation, Flemish Government; Patrick Derde, Consultant, Envizion; and Pieter De Leenheer, Co-Founder and Research Director, Collibra. Walter Zondervan, Member – Architectural Board, ASL-BiSL Foundation. Adina Aldea, BiZZdesign.

There are three case studies:

Geert Van Grootel, Patrick Derde, and Pieter De Leenheer will present on how you can manage your business meta data by means of the use of data model patterns and an Integrated Information Architecture approach supported by a standard formal architecture language ArchiMate.

Walter Zondervan will present an ArchiMate reference architecture for governance, based on BiSL.

Adina Aldea will present on how high level strategic models can be used and modelled based on the Strategizer method.

• ArchiMate Users Group Meeting (18:00 – 21:00)

The evening session is free and open to all — whether attending the rest of the conference or not. It will start at 6pm with free beer and pizza. Invited speakers for the Users Group Meeting include: Andrew Josey, Henk Jonkers,  Marc Lankhorst and Gerben Wierda:

- Andrew Josey will present on the ArchiMate certification program and adoption of the language
– Henk Jonkers will present on modeling risk and security
– Marc Lankhorst will present about capability modeling in ArchiMate
– Gerben Wierda will present about relating ArchiMate and BPMN

Why should you attend?
• Spend time interacting directly with other ArchiMate users and tool providers in a relaxed, engaging environment
• Opportunity to listen and understand how ArchiMate can be used to develop solutions to common industry problems
• Learn about the future directions and meet with key users and developers of the language and tools
• Interact with peers to broaden your expertise and knowledge in the ArchiMate language

For detailed information, see the ArchiMate Day agenda at http://www.opengroup.org/amsterdam2014/archimate / or our YouTube event video at http://youtu.be/UVARza3uZZ4

How to register

Registration for the ArchiMate® Users Group meeting is independent of The Open Group Conference registration. There is no fee but registration is required. Please register here, select one-day pass for pass type, insert the promotion code (AMST14-AUG), tick the box against Wednesday May 14th and select ArchiMate Users Group from the conference session list. You will then be registered for the event and should not be charged.  Please note that this promotion code should only be used for those attending only the evening meeting from 6:00 p.m. Anyone attending the conference or just the ArchiMate Day will have to pay the applicable registration fee.  User Group members who want to attend The Open Group conference and who are not members of The Open Group can register using the affiliate code AMST14-AFFIL.

 Andrew Josey is Director of Standards within The Open Group. He is currently managing the standards process for The Open Group, and has recently led the standards development projects for TOGAF® 9.1, ArchiMate 2.1, IEEE Std 1003.1-2008 (POSIX), and the core specifications of the Single UNIX Specification, Version 4. Previously, he has led the development and operation of many of The Open Group certification development projects, including industry-wide certification programs for the UNIX system, the Linux Standard Base, TOGAF, and IEEE POSIX. He is a member of the IEEE, USENIX, UKUUG, and the Association of Enterprise Architects.

Comments Off

Filed under ArchiMate®, Enterprise Architecture, Professional Development, Standards, TOGAF®, Uncategorized

The Open Group and APMG Work Together to Promote TOGAF® and ArchiMate®

The APM Group (APMG) and The Open Group have announced a new partnership whereby APMG will support the accreditation services of The Open Group’s products. The arrangement will initially focus on TOGAF® and ArchiMate®, both standards of The Open Group.

APMG’s team of global assessors will be supporting The Open Group’s internal accreditation team in conducting their assessment activities. The scope of the assessments will focus on organizations, materials and training delivery.

“A significant value to The Open Group in this new venture is the ability to utilize APMG’s team of experienced multi-lingual assessors who are based throughout the world.  This will help The Open Group establish new markets and ensure quality support of existing markets, “ said James de Raeve, Vice President of Certification at The Open Group.

Richard Pharro, CEO of APMG said, “This agreement presents an excellent opportunity to APMG Accredited Training Organizations which are interested in training in The Open Group’s products, as their existing APMG accredited status will be recognized by The Open Group. We believe our global network will significantly enhance the awareness and take up of TOGAF and ArchiMate.”

About The Open Group

The Open Group is an international vendor- and technology-neutral consortium upon which organizations rely to lead the development of IT standards and certifications, and to provide them with access to key industry peers, suppliers and best practices. The Open Group provides guidance and an open environment in order to ensure interoperability and vendor neutrality. Further information on The Open Group can be found at http://opengroup.org.

About APM Group

The APM Group is one of the world’s largest certification bodies for knowledge based workers. As well as the certifications mentioned above, we offer competency-based assessments for specialist roles in the security and aerospace industries. We work with government agencies to help develop people who can achieve great things for the organizations they work for.

4 Comments

Filed under ArchiMate®, Certifications, Professional Development, Standards, TOGAF®

The ArchiMate® Certification for People Program 2014 Updates

By Andrew Josey, The Open Group

Following on from the news in December of the 1000th certification in the ArchiMate certification program, The Open Group has made some changes to the program that will make the certification program more accessible. As of January 2014, it is now possible to self study for both certification levels.  Previously to achieve the Level 2 certification, known as ArchiMate 2 Certified, attendance at a course was mandatory.

To accommodate this, a revised examination structure has been introduced as shown in the diagram below:ArchiMate_2_exam

There are two levels of certification:

  • ArchiMate Foundation: Knowledge of the notation, terminology, structure, and concepts of the ArchiMate modeling language.
  • ArchiMate Certified: In addition to Knowledge and comprehension, the ability to analyze and apply the ArchiMate modeling language.

Candidates are able to choose whether they wish to become certified in a stepwise manner by starting with ArchiMate 2 Foundation and then at a later date ArchiMate 2 Certified, or bypass ArchiMate 2 Foundation and go directly to ArchiMate 2 Certified.

For those going directly to ArchiMate 2 Certified there is a choice of taking the two examinations separately or a Combined examination. The advantage of taking the two examinations over the single Combined examination is that if you pass Part 1 but fail Part 2 you can still qualify for ArchiMate 2 Foundation.

The ArchiMate 2 Part 1 examination comprises 40 questions in simple multiple choice format. The ArchiMate 2 Part 2 examination comprises 8 question using a gradient scored, scenario based format. Practice examinations are included as part of an Accredited ArchiMate Training course and available with the Study Guide.

The examinations are delivered either at Prometric test centers or by Accredited Training Course Providers through The Open Group Internet Based Testing portal.

You can find an available accredited training course either by viewing the public Calendar of Accredited Training Courses or by contacting a provider using the Register of Accredited Training Courses.

The ArchiMate 2 Certification Self-Study Pack is available at http://www.opengroup.org/bookstore/catalog/b132.htm.

The hardcopy of the ArchiMate 2 Certification Study Guide is available to order from Van Haren Publishing at http://www.vanharen.net/9789401800020

ArchiMate is a registered trademark of The Open Group.

 Andrew Josey is Director of Standards within The Open Group. He is currently managing the standards process for The Open Group, and has recently led the standards development projects for TOGAF 9.1, ArchiMate 2.1, IEEE Std 1003.1-2008 (POSIX), and the core specifications of the Single UNIX Specification, Version 4. Previously, he has led the development and operation of many of The Open Group certification development projects, including industry-wide certification programs for the UNIX system, the Linux Standard Base, TOGAF, and IEEE POSIX. He is a member of the IEEE, USENIX, UKUUG, and the Association of Enterprise Architects.

Comments Off

Filed under ArchiMate®, Certifications, Enterprise Architecture

ArchiMate® 2 Certification reaches the 1000th certification milestone

By Andrew Josey, The Open Group

We’re pleased to announce that the ArchiMate Certification for People program has reached the significant milestone of 1,000 individual certifications and there are individuals certified in 30 different countries as shown in the world map below.

ArchiMate 1000

The top 10 countries are:

Netherlands 458 45.8%
UK 104 10.4%
Belgium 76 7.6%
Australia 35 3.5%
Germany 32 3.2%
Norway 30 3%
Sweden 30 3%
USA 27 2.7%
Poland 16 1.6%
Slovakia 13 1.3%
 

The vision for the ArchiMate 2 Certification Program is to define and promote a market-driven education and certification program to support the ArchiMate modeling language Standard.

More information on the program is available at the ArchiMate 2 Certification site at http://www.opengroup.org/certifications/archimate/

Details of the ArchiMate 2 Examinations are available at: http://www.opengroup.org/certifications/archimate/docs/exam

The calendar of Accredited ArchiMate 2 Training courses is available at: http://www.opengroup.org/archimate/training-calendar/

The ArchiMate 2 Certification register can be found at https://archimate-cert.opengroup.org/certified-individuals

ArchiMate is a registered trademark of The Open Group.

 Andrew Josey is Director of Standards within The Open Group. He is currently managing the standards process for The Open Group, and has recently led the standards development projects for TOGAF 9.1, ArchiMate 2.0, IEEE Std 1003.1-2008 (POSIX), and the core specifications of the Single UNIX Specification, Version 4. Previously, he has led the development and operation of many of The Open Group certification development projects, including industry-wide certification programs for the UNIX system, the Linux Standard Base, TOGAF, and IEEE POSIX. He is a member of the IEEE, USENIX, UKUUG, and the Association of Enterprise Architects.

Comments Off

Filed under ArchiMate®, Certifications, Enterprise Architecture

The Open Group London 2013 – Day One Highlights

By Loren K. Baynes, Director, Global Marketing Communications

On Monday October 21st, The Open Group kicked off the first day of our Business Transformation conference in London!  Over 275 guests attended many engaging presentations by subject matter experts in finance, healthcare and government.  Attendees from around the globe represented 28 countries including those from as far away as Columbia, Philippines, Australia, Japan and South Africa.

Allen Brown, President and CEO of The Open Group, welcomed the prestigious group.  Allen announced that The Open Group has 67 new member organizations so far this year!

The plenary launched with “Just Exactly What is Going On in Business and Technology?” by Andy Mulholland, Former Global CTO of Capgemini, who was named one of the top 25 influential CTOs by InfoWorld.  Andy’s key topics regarding digital disruption included real drivers of change, some big and fundamental implications, business model innovation, TOGAF® and the Open Platform 3.0™ initiative.

Next up was Judith Jones, CEO, Architecting the Enterprise Ltd., with a presentation entitled “One World EA Framework for Governments – The Way Forward”.  Judith shared findings from the World Economic Forum, posing the question “what keeps 1000 global leaders awake at night”? Many stats were presented with over 50 global risks – economical, societal, environmental, geopolitical and technological.

Jim Hietala, VP, Security of The Open Group announced the launch of the Open FAIR Certification for People Program.  The new program brings a much-needed certification to the market which focuses on risk analysis. Key partners include CXOWARE, Architecting the Enterprise, SNA Technologies and The Unit bv.

Richard Shreeve, Consultancy Director, IPL and Angela Parratt, Head of Transformation and joint CIO, Bath and North East Somerset Council presented “Using EA to Inform Business Transformation”.  Their case study addressed the challenges of modeling complexity in diverse organizations and the EA-led approach to driving out cost and complexity while maintaining the quality of service delivery.

Allen Brown announced that the Jericho Forum® leaders together with The Open Group management have concluded that the Jericho Forum has achieved its original mission – to establish “de-perimeterization” that touches all areas of modern business.  In declaring this mission achieved, we are now in the happy position to celebrate a decade of success and move to ensuring that the legacy of the Jericho Forum is both maintained within The Open Group and continues to be built upon.  (See photo below.)

Following the plenary, the sessions were divided into tracks – Finance/Commerce, Healthcare and Tutorials/Workshops.

During the Healthcare track, one of the presenters, Larry Schmidt, Chief Technologist with HP, discussed “Challenges and Opportunities for Big Data in Healthcare”. Larry elaborated on the 4 Vs of Big Data – value, velocity, variety and voracity.

Among the many presenters in the Finance/Commerce track, Omkhar Arasaratnam, Chief Security Architect, TD Bank Group, Canada, featured “Enterprise Architecture – We Do That?: How (not) to do Enterprise Architecture at a Bank”.  Omkhar provided insight as to how he took traditional, top down, center-based architectural methodologies and applied it to a highly federated environment.

Tutorials/workshops consisted of EA Practice and Architecture Methods and Techniques.

You can view all of the plenary and many of the track presentations at livestream.com.  For those who attended, please stay tuned for the full conference proceedings.

The evening concluded with a networking reception at the beautiful and historic and Central Hall Westminster.  What an interesting, insightful, collaborative day it was!

IMG_1311

Comments Off

Filed under Business Architecture, Certifications, Cloud, Cloud/SOA, Conference, Cybersecurity, Information security, Open Platform 3.0, Professional Development, RISK Management, Security Architecture, Standards, TOGAF®