Sitting Down with Joanne Woytek- Elected Customer Representative to The Open Group Governing Board

By Ash Patel – Marketing Specialist, The Open Group

Recently we reached out to Joanne Woytek (Program Director for the NASA SEWP Program), to discuss her role as a Governing Customer Member Representative for The Open Group Governing Board.

The Open Group Event Highlights – July 25-27, 2022 – Washington DC

In late July, The Open Group hosted an event bringing together speakers and practitioners from around the world to meet in Washington, DC at the historical Mayflower Hotel, and discuss some of today’s most vital topics in the area of security and resiliency. 

With a focus on Zero Trust Architecture and Supply Chain Security, leaders from businesses including Microsoft, IBM, Micro Focus, and ServiceNow joined experts from public sector organizations like NIST and NASA, together with representatives from The Open Group itself, to explore how open standards are driving important developments and actionable insights in these important and developing topics.

The Open FAIR™ Body of Knowledge: Gaining Awareness and Adoption Internationally

By Jim Hietala, VP of Security and Business Development, The Open Group and John Linford, Forum Director, Security and Open Trusted Technology Forums, The Open Group.

Open FAIR has seen rapid and extensive adoption in the US, where it has become the defacto standard for quantifying cybersecurity risk. We at The Open Group are encouraged that Open FAIR awareness and adoption are also increasing globally, and we’ve also seen some increased usage outside of the traditional IT risk quantification area. Some interesting recent developments on increased Open FAIR use and adoption outside of the US, and outside of the IT area include:

The Open Group and the Executive Order on Improving the Nation’s Cybersecurity

On May 12, 2021, President Joe Biden issued the Executive Order on Improving the Nation’s Cybersecurity. This EO enumerates that “…the prevention, detection, assessment, and remediation of cyber incidents is a top priority and essential to national and economic security.” The EO contains a significant level of detail regarding areas of improvement for federal IT systems, as well as policy responses to be implemented by the government in support of greater security for private and public IT systems. The EO mentions in some detail the shift to zero trust security as a part of what is needed to combat cyber threats, as well as increased reliance on enhanced supply chain security.

Solorigate: A case study for why supply chain security is critical for governments and businesses

By Jim Hietala (VP, BD and Security), Andras Szakal (VP and CTO), John Linford Security and OTTF Forum Director) – The Open Group

In potentially the most damaging cyber-supply chain attack ever, a leading IT systems management vendor became the latest hi-tech company to suffer a major cybersecurity breach with wide-reaching consequences. The malware that caused the attack has been dubbed SUNBURST by Microsoft and code-named Solorigate by FireEye, the security consulting firm that uncovered the breach after falling victim to it late last year.

After successfully infiltrating the development environment, attackers were able to observe and learn how to subvert the vendor’s development and operations pipeline. Hackers were then able to maliciously taint the vendor’s product by planting a sophisticated trojan. Once the software, which required broad systems access, was installed in customers’ environments, the attackers were able to leverage the tainted software to exfiltrate sensitive information from within an organization’s network.

Updates to the Open FAIR™ Body of Knowledge, Part 3

The Open Group Security Forum is thrilled to announce the publication of an update to the Open FAIR™ Body of Knowledge (BoK). The Open FAIR BoK is comprised of The Open Group Risk Taxonomy (O-RT) Standard and The Open Group Risk Analysis (O-RA) Standard. The Open Group initiated a standards effort regarding FAIR ~10 years ago, and these standards define the official, open, vendor-neutral and consensus-developed definition of FAIR.

This blog post is the third of three in a series to describe updates to the Open FAIR™ Body of Knowledge. It will describe specific updates to O-RT to bring it to Version 3.0. The first post described revisions made to both O-RA and O-RT for consistency between the documents; the second post described specific updates to O-RA to bring it to Version 2.0.

1 2 3 15