Library Advanced Search
84 item(s) were found using the following search criteria
- Subject: Security
-
Risk Taxonomy (O-RT), Version 2.0
Superseded by C20B
This document provides a standard definition and taxonomy for information security risk, as well as information regarding how to use the taxonomy.
-
Risk Analysis (O-RA)
Superseded by C20A
This document is The Open Group Standard for Risk Analysis (O-RA), which provides a set of standards for various aspects of information security risk analysis. It is a companion document to the Risk Taxonomy (O-RT) Standard (C13K).
-
Integrating Risk and Security within a TOGAF® Enterprise Architecture
This document is The Open Group Guide addressing how to integrate considerations of security and risk into an Enterprise Architecture.
-
TOGAF® and SABSA® Integration
How SABSA and TOGAF complement each other to create better architectures
-
Open Information Security Management Maturity Model (O-ISM3)
Superseded by C17B
The Open Information Security Management Maturity Model (O-ISM3) is The Open Group framework for managing information security.
-
Open FAIR - ISO/IEC 27005 Cookbook
This Technical Guide describes in detail how to apply the Open FAIR (Factor Analysis for Information Risk) methodology to any selected risk management framework.
-
Requirements for Risk Assessment Methodologies
This Guide is the second of an initial set of three Open Group publications addressing Risk Management.
-
How to Put Open FAIR™ Risk Analysis Into Action
A Cost-Benefit Analysis of Connecting Home Dialysis Machines Online to Hospitals in Norway.
-
Best Practices for Security in Cloud Adoption by Indian Banks
This White Paper describes the legal environment prevailing in India, and discusses security requirements at length and the security remediation measures and security controls for IaaS and SaaS cloud services. The opportunities for cloud computing adoption, along with deployable architectures, are also well articulated and shown.
-
IT Risk Management Survey Summary
This White Paper presents the findings from a survey conducted jointly by The Open Group, the Society of Information Risk Analysts (SIRA), and CXOWARE, Inc. The survey sought to determine the current state of information risk management practices in enterprise organizations.
-
An Introduction to the Open FAIR Body of Knowledge
A Taxonomy and Method for Risk Analysis
-
The Need for Data Principles
This White Paper explains why our Information Technology industry needs to establish a set of high-quality data principles, and lists a draft base set of Data Principles.
-
Protecting Information: Steps for a Secure Data Future
This White Paper explains why information protection to meet today's and tomorrow's requirements needs to use stronger, more flexible protection mechanisms around the data itself.
-
Managing Network Entities in a Collaborative World
This White Paper reviews the challenges in management of networked devices, across the enterprise and into collaborating business enterprises.
-
Smart Data for Secure Business Collaboration
This White Paper reviews the business value that Smart Data represents, and the capabilities it has potential to provide.
-
Information Security Management (O-ISM3, TOGAF®, and SABSA®)
The content of this publication is historical, based on a previous version of the TOGAF® standard.
This White Paper explains to Enterprise and Security Architects using the TOGAF standard and SABSA framework how the O-ISM3 standard is a valuable resource for aligning security management to the business goals of their ISMS.
-
Information Security Management (20 CSC)
Using the O-ISM3 Standard with the CPNI 20 Critical Security Controls (CSC) for Effective Cyber Defense
-
Jericho Forum® Identity Commandments
These Jericho Forum® Identity Commandments define key design principles that need to be observed when planning an identity eco-system designed to operate on a global, de-perimeterized scale.
-
Jericho Forum® Commandments
The Jericho Forum® Commandments define the design principles that must be observed when architecting systems for secure operation in de-perimeterized environments.
-
Jericho Forum® Cloud Cube Model
This White Paper evaluates the different types of cloud and presents them in a Cloud Cube Model, highlighting the key characteristics in each type. It includes key questions that prospective cloud users need to ask their cloud service providers to provide adequate assurance that they are securely collaboratively enabled and compliant with applicable regulations.
-
Jericho Forum® Trust and Co-operation
This White Paper examines the issues involved in managing digital trust, and the controls that support interoperable trust management solutions in cyberspace, based on accepted business practices, and scalable to all sizes of enterprise.
-
Jericho Forum® Business Rationale for De-Perimeterization, Version 2.0
This White Paper reviews the business drivers for de-perimeterization, to explain why de-perimeterization is happening all round us now, and is inevitable. To maintain their competitiveness for secure online working with business partners, customers, suppliers, and outworkers, IT-dependent organizations need to migrate to security solutions which are effective in our de-perimeterizing world. The Jericho Forum® is leading the way forward on how to architect de-perimeterized security solutions.
-
Jericho Forum® Data Protection
Superseded by W142
This White Paper contends that data protection to meet today's and tomorrow's requirements needs to provide stronger, more flexible protection mechanisms around the data itself.
-
Information Security Strategy, Version 1.0
A Framework for Information-Centric Security Governance
-
Saving Private Data: Intrusion Attack and Response Workshop (inc. Full Script)
This document presents a record of the Intrusion Attack and Response Workshop – Saving Private Data. It contains a checklist for managers whose responsibilities include their company's Incident Response Plan (IRP). The complete script is included, annotated with the main issues raised and the lessons to be learned.
-
Saving Private Data: Intrusion Attack and Response Workshop
This document presents a record of the Intrusion Attack and Response Workshop – Saving Private Data.
-
Is your Organization Ready to Respond to the Next Heartbleed?
The importance of visibility into and continuous monitoring of your organization’s codebase...
-
Applying Open FAIR to Analyze Risk in a Retail Environment
How to apply The Open Group Risk Taxonomy Standard and Risk Analysis Standard to effectively.
-
Visualizing the Business Impact of Technical Cyber Risks
This webinar will initially look at the work being carried out in the Architecture and ArchiMate® Forums, both Forums of The Open Group, around risk and security modeling.
-
Open FAIR Certification for Risk Analysts
This webinar explores the current state and future trends in the risk analysis profession.
-
Risk and IT Security: Developing and Communicating the InfoSec Value Proposition to Senior Management
This webcast will discuss how to develop an information security value proposition and, more importantly, how to communicate to senior management on risk and security.
-
The Value of Certification for Risk Analysts
This webcast will explore the risk analysis profession, and it will look at requirements for professional certification...
-
Quantifying Cybersecurity Risk in $$$
This session will provide an overview of the Technical Standard, how it complements existing risk frameworks, and how your organization can adopt it.
-
Communicating Cybersecurity Risk to Business Leaders
Learn how to enhance your credibility by more effectively communicating cybersecurity risk to senior management.
-
Role-Based Access Control (RBAC)
The Role-Based Access Control (RBAC) Product Standard provides aid in the adoption of RBAC technology, by simplifying the use and administration of RBAC through unified role names and APIs.
-
The Open FAIR™ – NIST Cybersecurity Framework Cookbook
This document describes in detail how to apply the Open FAIR factor analysis for information risk methodology to the NIST Framework for Improving Critical Infrastructure Cybersecurity (NIST Cybersecurity Framework).
-
Trust Ecosystem Guide
A guide to operating in a trust ecosystem.
-
Jericho Forum® Self-Assessment Scheme
This Self-Assessment Scheme is designed to assess how effectively a given information security product or solution meets the criteria implicit in the Jericho Forum Commandments.
-
Optimizing ISO/IEC 27001:2013 using O-ISM3
This Guide is aimed at users of the well-established ISO/IEC 27001 Information Security Management Standard, to explain how The Open Group O-ISM3 Standard (C102) complements and extends ISO/IEC 27001 by adding further security management controls and applying security performance metrics.
-
Open Enterprise Security Architecture (O-ESA): A Framework and Template for Policy-Driven Security
This Open Enterprise Security Architecture (O-ESA) Guide provides a valuable reference resource for practicing security architects and designers.
-
Framework for Control over Electronic Chattel Paper
This Guide provides a framework for analyzing when and if a party is able to show 'control' over electronic chattel paper (ECP) pursuant to UCC Section 9-105.
-
Dependency Modeling (O-DM)
The O-DM standard defines how to construct a data model to manage risk and build trust on organizational dependencies between enterprises, or between operational divisions in a large organization.
-
Dependency Modeling – Capturing and Sharing Organizational Interdependencies
This webinar is to enable The Open Group Security Forum members to discuss and raise issues with the technology leaders...
-
Open Secure Mobile Architecture (O-SMA): Reference Architecture and Implementation Guidance
This O-SMA Standard expands on the SMA interoperability and other mobile architecture issues raised in the SMA Snapshot published in March 2013.
-
O-ISM3 Implementation and Case Study
This webinar will discuss implementation issues with the O-ISM3 standard...
-
Deep Dive on O-ISM3 – Tactical-Specific Processes Overview
This webinar will explore Tactical-Specific Processes (TSPs) in depth.
-
Deep Dive on O-ISM3 – Process Model, Generic Processes, and Strategic-Specific Processes
This webinar will provide an overview of the key concepts contained in the standard that relate to process management.
-
Deep Dive on O-ISM3 – Business Context and Security Concepts
This webinar will provide some of the important concepts embedded in the O-ISM3 standard...
-
An Introduction to O-ISM3
This webinar will provide an overview of the Open Information Security Management Maturity Model (O-ISM3).
-
Logging Use-Cases and Standards Update
This second webcast will explore some log management use-cases...