Tag Archives: compliance

Big Data Security Tweet Jam

By Patty Donovan, The Open Group

On Tuesday, January 22, The Open Group will host a tweet jam examining the topic of Big Data and its impact on the security landscape.

Recently, Big Data has been dominating the headlines, with coverage analyzing everything from how to manage and process it to the way it will impact your organization’s IT roadmap. As 2012 came to a close, analyst firm Gartner predicted that data will help drive IT spending to $3.8 trillion in 2014. Knowing the phenomenon is here to stay, enterprises face a new and daunting challenge: how to secure Big Data. Big Data security also raises other questions, such as: Is Big Data security different from data security? How will enterprises handle Big Data security? What is the best approach to Big Data security?

It’s yet to be seen if Big Data will necessarily revolutionize enterprise security, but it certainly will change execution – if it hasn’t already. Please join us for our upcoming Big Data Security tweet jam where leading security experts will discuss the merits of Big Data security.

Please join us on Tuesday, January 22 at 9:00 a.m. PT/12:00 p.m. ET/5:00 p.m. GMT for a tweet jam, moderated by Dana Gardner (@Dana_Gardner), ZDNet – Briefings Direct, that will discuss and debate the issues around Big Data security. Key areas that will be addressed during the discussion include: data security, privacy, compliance, security ethics and, of course, Big Data. We welcome Open Group members and interested participants from all backgrounds to join the session and interact with our panel of IT security experts, analysts and thought leaders led by Jim Hietala (@jim_hietala) and Dave Lounsbury (@Technodad) of The Open Group. To access the discussion, please follow the #ogChat hashtag during the allotted discussion time.

And for those of you who are unfamiliar with tweet jams, here is some background information:

What Is a Tweet Jam?

A tweet jam is a one-hour “discussion” hosted on Twitter. The purpose of the tweet jam is to share knowledge and answer questions on Big Data security. Each tweet jam is led by a moderator and a dedicated group of experts to keep the discussion flowing. The public (or anyone using Twitter interested in the topic) is encouraged to join the discussion.

Participation Guidance

Whether you’re a newbie or veteran Twitter user, here are a few tips to keep in mind:

  • Have your first #ogChat tweet be a self-introduction: name, affiliation, occupation.
  • Start all other tweets with the question number you’re responding to and the #ogChat hashtag.
    • Sample: “Q1 enterprises will have to make significant adjustments moving forward to secure Big Data environments #ogChat”
  • Please refrain from product or service promotions. The goal of a tweet jam is to encourage an exchange of knowledge and stimulate discussion.
  • While this is a professional get-together, we don’t have to be stiff! Informality will not be an issue!
  • A tweet jam is akin to a public forum, panel discussion or Town Hall meeting – let’s be focused and thoughtful.

If you have any questions prior to the event or would like to join as a participant, please direct them to Rod McLeod (rmcleod at bateman-group dot com). We anticipate a lively chat and hope you will be able to join!

 

Patricia Donovan is Vice President, Membership & Events, at The Open Group and a member of its executive management team. In this role she is involved in determining the company’s strategic direction and policy as well as the overall management of that business area. Patricia joined The Open Group in 1988 and has played a key role in the organization’s evolution, development and growth since then. She also oversees the company’s marketing, conferences and member meetings. She is based in the U.S.


The Open Group releases O-ACEML standard, automates compliance configuration

By Jim Hietala, The Open Group

The Open Group recently published the Open Automated Compliance Expert Markup Language (O-ACEML) standard. This new technical standard addresses the need to automate the process of configuring IT environments to meet compliance requirements. O-ACEML will also enable customer organizations and their auditors to streamline data gathering and reporting on compliance postures.

O-ACEML is aimed at helping organizations reduce the cost of compliance by easing manual compliance processes. The standard is an open, simple, and well-defined XML schema that allows compliance requirements to be described in machine-understandable XML, as opposed to requiring humans to interpret text from documents. The standard also allows for a remediation element, which enables multiple requirements (from different compliance regulations) to be blended into a single policy. An example of where this is needed is password length and complexity requirements, which may differ between regulations. O-ACEML allows for the most secure setting to be selected and applied, enabling all of the regulations to be met or exceeded.

O-ACEML is intended to allow platform vendors and compliance management and IT-GRC providers to utilize a common language for exchanging compliance information. The existence of a single common standard will benefit platform vendors and compliance management tool vendors by reducing development costs and providing a single data interchange format. Customer organizations will benefit by reducing costs for managing compliance in complex IT environments, and by increasing effectiveness. Where previously organizations might have just polled a small but representative sample of their environment to assess compliance, the existence of a standard allowing automated compliance checking makes it feasible to survey the entire environment rather than just a small sample. Organizations publishing government compliance regulations, as well as the de facto standard compliance organizations that have emerged in many industries, will benefit by enabling more cost-effective adoption and simpler compliance with their regulations and standards.

In terms of how O-ACEML relates to other compliance-related standards and content frameworks, it has similarities to and differences from NIST’s Security Content Automation Protocol (SCAP) and the Unified Compliance Framework (UCF). One of the main differences is that O-ACEML was architected such that a Compliance Organization could author its IT security requirements in a high-level language, without the need to understand the specific configuration commands and settings an OS or device will use to implement the requirement. A distinguishing capability of O-ACEML is that it gathers artifacts as it moves from the Compliance Organization directive, to implementation on a particular device, to the result of the configuration command. The final step of this automation not only produces a computer system configured to meet or exceed the compliance requirements, it also produces an XML document from which compliance reporting can be simplified. The Open Group plans to work with NIST and the creators of the UCF to ensure interoperability and integration between O-ACEML and SCAP and UCF.

If you have responsibility for managing compliance in your organization, or if you are a vendor whose software product involves compliance or security configuration management, we invite you to learn more about O-ACEML.

An IT security industry veteran, Jim Hietala is Vice President of Security at The Open Group, where he is responsible for security programs and standards activities. He holds the CISSP and GSEC certifications. Jim is based in the U.S.
