By John Linford, Security Portfolio Director, The Open Group, and Corinne Brouch, Director Learning and Certifications, The Open Group.
Since the publication of the NIST Cybersecurity Framework (CSF), Version 2.0, the Security Forum has been working to understand the implications of changes to the CSF and making changes to The Open Group Open FAIR™ Body of Knowledge to ensure consistency with the changes.
The Open Group is pleased to announce that these updates are now available in…
- The Open Group Standard for Risk Analysis (O-RA), Version 2.1
- The Open Group Standard for Risk Taxonomy (O-RT), Version 3.1
The changes to the Standards are limited to address the new Governance Function from the CSF 2.0, though other, small changes were made to ensure consistency between the documents.
Since its launch in 2014, the Open FAIR Certification Program has allowed risk analysts to test and validate their knowledge of cyber risk quantification (CRQ). The program is based on the Open FAIR Body of Knowledge, which is comprised of The Open Group Standard for Risk Analysis (O-RA) and The Open Group Standard for Risk Taxonomy (O-RT).
The Open FAIR Certification Program encompasses the Open FAIR Foundation Certification and Open FAIR 2 Foundation Certifications. Candidates can download the Open FAIR Body of Knowledge and get started with Individual Certification, whether by completing a course offered by an Accredited Training Course Provider or by using the Self-Study Materials developed and curated by The Open Group.
At this time, The Open Group Certification Authority does not anticipate any changes for the Open FAIR Certification Exam, and the Certification Authority and Security Forum are actively collaborating to update the Open FAIR Conformance Requirements. A separate announcement will be made when these are published.
The Open FAIR Certification Program now has more than 1,700 Certified Individuals, with the numbers growing daily around the world.
This growth has been supported by continued development of supplementary material for the Open FAIR Body of Knowledge, including…
- Open FAIR Risk Analysis Process Guide
- Open FAIR Risk Analysis Example Guide
- Calculating Reserves for Cyber Risk White Paper Series
- Using Quantitative Analysis with System Threat Modeling: Adopting Open FAIR Analysis with Threat Modeling to Maximize Return on Security Investment White Paper
- Open FAIR Risk Analysis Spreadsheet Tool
Developed by Members of The Open Group Security Forum, these publications are free to download and use within organizations, and there is a Commercial License available for those organizations applying the Open FAIR Body of Knowledge for commercial use.
The Open Group is also thrilled to announce the launch of the Lifelong Learning Program, including the Learning Module: Risk Analysis – Process. This Learning Module is based on content from the Open FAIR Risk Analysis Process Guide and Example Guide, and is designed to develop skills on Risk Analysis through self-study and exercises. The completion of the Learning Module leads to an Open Badge, which serves as a proof of professional development.
Learn more about the Open FAIR Certification Program
Learn more about The Open Group Security Forum
John Linford is the Forum Director of The Open Group Security Forum, Open Trusted Technology Forum, and Assured Dependability Work Group. As staff at The Open Group, John supports the leaders and participants of the Security Portfolio in utilizing the resources of The Open Group to facilitate collaboration and follow The Open Group Standards process to publish their deliverables. Prior to joining The Open Group in June 2019, John worked as a Lecturer for San Jose State University, teaching courses in Economics. John is Open FAIR™ certified and serves on the Board of Directors of the Society of Information Risk Analysts (SiRA).
Corinne Brouch is Director Learning and Certifications overseeing all knowledge based certifications, architecture tools certifications and learning programs of The Open Group.
Since joining the company in 2013, Corinne has been closely involved with certification programs design and exam development, exam fraud policing, quality and accreditation management at The Open Group. She led the development of the certification program for the TOGAF® Standard, 10th Edition, and has recently been leading development of The Open Group Lifelong Learning program.
