In the world of technology, there are paradigms of language that arise organically and artificially over time. Necessity requires a shared mode of communication for ideas and as a result, descriptors, nouns, and technical designators are created and shared. The problem arises when certain words acquire a surfeit of meaning, so much so that they paradoxically become less meaningful. There are many examples of this but for our purposes, we’re going to look at “Supply Chain Security”.
The transition to Digital First has become a necessity for the survival of private and public sector organizations in a post-pandemic world. It was therefore fantastic to see attendees gather virtually over the course of three days to discuss tangible solutions for navigating the challenges we face today. Sessions and workshops were hosted by a plethora of leading industry experts and centered on the development and implementation of open digital standards to address issues critical to the success of a Digital First enterprise.
By Jim Hietala (VP, BD and Security), Andras Szakal (VP and CTO), John Linford Security and OTTF Forum Director) – The Open Group
In potentially the most damaging cyber-supply chain attack ever, a leading IT systems management vendor became the latest hi-tech company to suffer a major cybersecurity breach with wide-reaching consequences. The malware that caused the attack has been dubbed SUNBURST by Microsoft and code-named Solorigate by FireEye, the security consulting firm that uncovered the breach after falling victim to it late last year.
After successfully infiltrating the development environment, attackers were able to observe and learn how to subvert the vendor’s development and operations pipeline. Hackers were then able to maliciously taint the vendor’s product by planting a sophisticated trojan. Once the software, which required broad systems access, was installed in customers’ environments, the attackers were able to leverage the tainted software to exfiltrate sensitive information from within an organization’s network.
By Steve Nunn, President and CEO, The Open Group
Happy New Year everyone!
Firstly, I hope that you, your family, and friends, have been able to stay safe during these trying times. So many around the world have lost so much in this COVID-19 pandemic which clearly will be with us for some time yet. We must, however, be heartened by the unprecedented speed with which vaccines have been developed. The delivery and administration of these vaccines has only just begun, of course, but we have good reason to be optimistic about the coming months.
This document takes an evolutionary approach to align with and build upon existing or upcoming frameworks, standards, and best-practices, such as the TOGAF® standard, Archimate® Modeling Language, or ISO 9001 for healthcare. All application-related screenshots in this article are based on a prototype, modelled in Enterprise Architect.
The Open Group Security Forum is thrilled to announce the publication of an update to the Open FAIR™ Body of Knowledge (BoK). The Open FAIR BoK is comprised of The Open Group Risk Taxonomy (O-RT) Standard and The Open Group Risk Analysis (O-RA) Standard. The Open Group initiated a standards effort regarding FAIR ~10 years ago, and these standards define the official, open, vendor-neutral and consensus-developed definition of FAIR.
This blog post is the third of three in a series to describe updates to the Open FAIR™ Body of Knowledge. It will describe specific updates to O-RT to bring it to Version 3.0. The first post described revisions made to both O-RA and O-RT for consistency between the documents; the second post described specific updates to O-RA to bring it to Version 2.0.