Library Advanced Search

This document provides a standard definition and taxonomy for information security risk, as well as information regarding how to use the taxonomy.

This document is The Open Group Standard for Risk Analysis (O-RA), which provides a set of standards for various aspects of information security risk analysis. It is a companion document to the Risk Taxonomy (O-RT) Standard (C13K).

This document is The Open Group Guide addressing how to integrate considerations of security and risk into an Enterprise Architecture.

How SABSA and TOGAF complement each other to create better architectures

Superseded by C17B

The Open Information Security Management Maturity Model (O-ISM3) is The Open Group framework for managing information security.

This Technical Guide describes in detail how to apply the Open FAIR (Factor Analysis for Information Risk) methodology to any selected risk management framework.

This Guide is the second of an initial set of three Open Group publications addressing Risk Management.

A Cost-Benefit Analysis of Connecting Home Dialysis Machines Online to Hospitals in Norway.

This White Paper describes the legal environment prevailing in India, and discusses security requirements at length and the security remediation measures and security controls for IaaS and SaaS cloud services. The opportunities for cloud computing adoption, along with deployable architectures, are also well articulated and shown.

This White Paper presents the findings from a survey conducted jointly by The Open Group, the Society of Information Risk Analysts (SIRA), and CXOWARE, Inc. The survey sought to determine the current state of information risk management practices in enterprise organizations.

A Taxonomy and Method for Risk Analysis

This White Paper explains why our Information Technology industry needs to establish a set of high-quality data principles, and lists a draft base set of Data Principles.

This White Paper explains why information protection to meet today's and tomorrow's requirements needs to use stronger, more flexible protection mechanisms around the data itself.

This White Paper reviews the challenges in management of networked devices, across the enterprise and into collaborating business enterprises.

This White Paper reviews the business value that Smart Data represents, and the capabilities it has potential to provide.

The content of this publication is historical, based on a previous version of the TOGAF® standard.

This White Paper explains to Enterprise and Security Architects using the TOGAF standard and SABSA framework how the O-ISM3 standard is a valuable resource for aligning security management to the business goals of their ISMS.

Using the O-ISM3 Standard with the CPNI 20 Critical Security Controls (CSC) for Effective Cyber Defense

These Jericho Forum® Identity Commandments define key design principles that need to be observed when planning an identity eco-system designed to operate on a global, de-perimeterized scale

The Jericho Forum® Commandments define the design principles that must be observed when architecting systems for secure operation in de-perimeterized environments.

This White Paper evaluates the different types of cloud and presents them in a Cloud Cube Model, highlighting the key characteristics in each type. It includes key questions that prospective cloud users need to ask their cloud service providers to provide adequate assurance that they are securely collaboratively enabled and compliant with applicable regulations.

This White Paper examines the issues involved in managing digital trust, and the controls that support interoperable trust management solutions in cyberspace, based on accepted business practices, and scalable to all sizes of enterprise.

This White Paper reviews the business drivers for de-perimeterization, to explain why de-perimeterization is happening all round us now, and is inevitable. To maintain their competitiveness for secure online working with business partners, customers, suppliers, and outworkers, IT-dependent organizations need to migrate to security solutions which are effective in our de-perimeterizing world. The Jericho Form® is leading the way forward on how to architect de-perimeterized security solutions. Uk Isbn

Superseded by W142

This White Paper contends that data protection to meet today's and tomorrow's requirements needs to provide stronger, more flexible protection mechanisms around the data itself.

A Framework for Information-Centric Security Governance

This document presents a record of the Intrusion Attack and Response Workshop – Saving Private Data. It contains a checklist for managers whose responsibilities include their company's Incident Response Plan (IRP). The complete script is included, annotated with the main issues raised and the lessons to be learned.

This document presents a record of the Intrusion Attack and Response Workshop – Saving Private Data.

The importance of visibility into and continuous monitoring of your organization’s codebase...

How to apply The Open Group Risk Taxonomy Standard and Risk Analysis Standard to effectively.

This webinar will initially look at the work being carried out in the Architecture and ArchiMate® Forums, both Forums of The Open Group, around risk and security modeling.

This webinar explores the current state and future trends in the risk analysis profession.

This webcast will discuss how to develop an information security value proposition and, more importantly, how to communicate to senior management on risk and security.

This webcast will explore the risk analysis profession, and it will look at requirements for professional certification...

This session will provide an overview of the Technical Standard, how it compliments existing risk frameworks, and how your organization can adopt it.

Learn how to enhance your credibility by more effectively communicating cybersecurity risk to senior management.

The Role-Based Access Control (RBAC) Product Standard provides aid in the adoption of RBAC technology, by simplifying the use and administration of RBAC through unified role names and APIs.

This document describes in detail how to apply the Open FAIR factor analysis for information risk methodology to the NIST Framework for Improving Critical Infrastructure Cybersecurity (NIST Cybersecurity Framework).

A guide to operating in a trust ecosystem.

This Self-Assessment Scheme is designed to assess how effectively a given information security product or solution meets the criteria implicit in the Jericho Forum Commandments.

This Guide is aimed at users of the well-established ISO/IEC 27001 Information Security Management Standard, to explain how The Open Group O-ISM3 Standard (C102) complements and extends ISO/IEC 27001 by adding further security management controls and applying security performance metrics.

This Open Enterprise Security Architecture (O-ESA) Guide provides a valuable reference resource for practicing security architects and designers.

This Guide provides a framework for analyzing when and if a party is able to show 'control' over electronic chattel paper (ECP) pursuant to UCC Section 9-105.

The O-DM standard defines how to construct a data model to manage risk and build trust on organizational dependencies between enterprises, or between operational divisions in a large organization.

This webinar is to enable The Open Group Security Forum members to discuss and raise issues with the technology leaders...

This O-SMA Standard expands on the SMA interoperability and other mobile architecture issues raised in the SMA Snapshot published in March 2013.

This webinar will discuss implementation issues with the O-ISM3 standard...

This webinar will explore Tactical-Specific Processes (TSPs) in depth.

This webinar will provide an overview of the key concepts contained in the standard that relate to process management.

This webinar will provide some of the important concepts embedded in the O-ISM3 standard...

This webinar will provide an overview of the Open Information Security Management Maturity Model (O-ISM3).