Objective of Meeting
The Security Forum met for a half-day session on Tuesday to discuss the status of current projects as well as strategy and objectives over the next 12 months.
A workshop was conducted on Wednesday comparing and contrasting the Open FAIR™ standard with the Boe-Tie standard.
A presentation was given reviewing the SipMath standard from Probability Management. A discussion was held to consider adoption by The Open Group as a standard of The Open Group and its application to other Open Group tools and its benefits to industry in general.
The next development steps were considered for the Open FAIR Risk Analysis Tool including:
- Inclusion of the SipMath Metalogs into the tool
- User interface enhancements
- Maintainability and internal documentation
- Licencing agreements
- Its part in promoting Open FAIR adoption
The future direction of Open FAIR was discussed as follows:
- Status of current Open FAIR projects
- Does the Open FAIR standard need to be updated to reflect advancements in the Open FAIR Risk Analysis spreadsheet tool?
Open FAIR and issues regarding promotion and adoption including:
- Potential extensions to the standard
- Collaboration with the FAIR Institute
- Collaboration with Probability Management
- Rebranding initiative
Additional documentation over the next 12 months:
- Revision of the STIX to Open FAIR mapping White Paper
- Compare and contrast “Risk” definition
The future direction for the Security Architecture Practitioners Project (SAPP) was discussed. Proposed documentation projects include:
Practical Considerations in Security Architectures Decisions:
- Risk management models
- Adversarial thinking
- Cultural alignment
- Identity management (see relevant Jericho Forum material)
- Open FAIR alignment and integration with the SABSA Security Framework (Guide)
- Compare and contrast security frameworks; a document to compare and contrast security frameworks and their relationships to one another, especially their application to security architecture
- Self-protecting data protection/security; how do you document data securely?
A review was also conducted of the Security Forum presentation to the Governing Board.
Notes and action items from the internal discussion were captured and will be brought back to the entire Forum at the next steering committee meeting/work group meeting.
Captured in minutes supplied to the members of the Security Forum.