• A Standard, quantitative, information risk framework and taxonomy with supporting resources to enable business by managing and reducing technology-related risks.
• A certification program for quantitative risk analysts
• The intersection of enterprise architecture, security architecture, and risk
• Security assurance for business technology operations
• Clear guidelines to secure the technology environment in an era of increased business agility and competitiveness
• Zero Trust Security Architectures to enable Digital Transformation
• A framework for managing information security and for managing information in the wider context (O-ISM3)
The Security Forum produces general purpose intellectual property: reusable theory, principles, best practices, methods, white papers, guides, and standards to help suppliers and users of technology implement safe, secure, and cost-effective systems.
Projects & Activities
Security Forum in Action
The Open Group Security Forum regularly presents as part of various conferences and events. Speakers and their presentations at upcoming events are below:
Security Forum Individual Contributor Spotlight
The Security Forum is nothing without the individuals who develop content, drive progress, and evangelize our publications and activities.
Dr. Jack Freund
Over the course of his career in technology and risk, Dr. Jack Freund has become a leading voice in cyber risk measurement and management. As Head of Cyber Risk Methodology for VisibleRisk (the Moody’s/Team8 JV), Jack has overall responsibility for the systemic development and application of frameworks, algorithms, and quantitative and qualitative methods to measure cyber risk. Previously, Jack was Director, Risk Science at quantitative risk management startup RiskLens and then Director, Cyber Risk for TIAA. Jack has 23 years of experience consulting, building, and leading technology and risk management programs for Fortune 100 organizations. He is also the co-author of “Measuring and Managing Information Risk: A FAIR Approach,” which was inducted into the Cybersecurity Canon in 2016 and is the foundational book on cyber risk quantification (CRQ) using the Open FAIR™ standard.
Jack was awarded a Ph.D. in Information Systems after his research in disaster informatics and cyber resilience at Nova Southeastern University. He also holds a Master's in Telecommunication, Project Management, and a BS in CIS. He holds the CISSP, CISA, CISM, CRISC, CGEIT, CDPSE, CIPP, and PMP designations. Jack has been named a Senior Member of the IEEE and ACM, a Fellow of the IAPP and FAIR Institute, and a Distinguished Fellow of the ISSA. He is the recipient of the 2020 (ISC)² Global Achievement Award, ISACA’s 2018 John W. Lainhart IV Common Body of Knowledge Award, the FAIR Institute’s 2018 FAIR Champion Award, and Nova Southeastern University's Distinguished Alumni Award.
The Security Forum thanks Jack for his foundational role in and advocacy for Open FAIR and for his continued efforts to further develop and refine its concepts and components.
Security Forum Organization Spotlight
Member Organizations of the Security Forum are varied but share a common goal to manage and reduce technology-related risks, secure the technology environment, and raise confidence levels in business technology operations.
Mosaic451 was founded in 2011 and is a Member of The Open Group Security Forum.
Mosaic451 employs a cutting-edge decision-support capability for itself and its clients, which is focused on cybersecurity and information assurance decision-making functions. They leverage the risk-modeling techniques of Open FAIR to bring the actuarial approach to risk management in disciplines traditionally accustomed to decisions based on fear, uncertainty, and doubt (exacerbated by vendors fanning those flames to sell their products). Mosaic451's decision support team is comprised of analysts certified in Open FAIR with backgrounds in mathematics, economics, data science, and information assurance. The team is led by the winner of the inaugural FAIR Institute FAIR Champion Award.
In addition to its decision-support services, Mosaic451 also provides bespoke cyber operations, analysis, and critical infrastructure defense for high-risk, high-threat, complex and regulated organizations in energy, finance, global distribution, government, healthcare, technology, and transportation. They protect complicated data and distribution systems, including water, hydroelectric, generation capacity, and transportation for tens of millions of Americans across the United States. They protect two of Southern California’s most prestigious healthcare systems; 31 hydro projects on the Columbia river basin alone; airports that serve over 90M passengers a year; and nuclear power plants in multiple states.
Mosaic451 has been recognized with several awards including: CRN Managed Services 500 (2018); CRN Triple Crown Top 50 (2017); Ranked 250 in the CRN Tech Elite (2017); one of INC. 500's America's fastest growing companies (2017 and 2018).
The Security Forum thanks Mosaic451 for the work done around the Open FAIR standard and for helping build and support the global community of information risk analysts.
The Open FAIR Certification for People program is aimed at meeting the needs of risk analysts and organizations employing risk analysts. The program is based on Open FAIR (Factor Analysis of Information Risk), which provides a model and taxonomy for understanding, analyzing, and measuring information risk.
The Open FAIR Certification Program is based on the Open FAIR™ Body of Knowledge, which is comprised of two standards:
• The Open Group Risk Taxonomy (O-RT) Standard that provides a standard definition and taxonomy for information security risk, as well as information regarding how to use the taxonomy.
• The Open Group Risk Analysis (O-RA) Standard that provides risk analysts with the specific processes necessary to perform effective Open FAIR risk analysis.
Join the 1000+ Open FAIR Certified Individuals!