Security Forum : Current Activities
Our current activities are outlined on this page. Follow the associated links to read more.
Security Architectures
Risk Management
Identity Management
IT Audit & Logging, and Compliance
Automated Compliance
SOA & Security
Secure Mobile Architectures (SMA)
Trust Management - Confidence Model
Secure Enterprise 2.0
Security Architectures
Our past publications show our strong track record in taking an architectural approach to information security. Our active project in this area, which results from work in the Jericho Forum, is developing a standard for a Framework for Collaboration Oriented Architectures.
More on Security Architectures
Risk Management
Business managers need effective assessments of their exposure to risk arising from their IT operations, so that they can evaluate the impact of that exposure and make informed decisions on how best to manage it for their business. We have already published our Risk Taxonomy standard and our Guide to Evaluating Risk Assessment Methodologies. We are continuing with development of our Risk Assessment Methodology and Cookbook standard, and a standard for Visualization of Risk.
Identity Management
The Security Forum has been a consistent contributor to the achievements of the Identity Management Forum, since identity and authentication are core components in information security solutions. We contribute to ISO JTC1 SC27 as Category C liaison contributors. We anticipate that, as we gain experience in our new project to extend secure business collaboration into cloud computing, that project will require significant contributions from identity management experts towards developing standards for Identity Management and Information Asset Management (IAM) between cloud services providers.
IT Audit & Logging, and Compliance
This project is focused on updating our 1998 Distributed Audit Services (XDAS) standard, revising and extending it to meet today’s more demanding requirements for event reporting, logging, and auditability in IT systems. We recognize the major impact of Legal and Regulatory Compliance as a business driver for assuring compliance. Our current project includes working with MITRE (on CEE) and others.
Automated Compliance
Our Automated Compliance Expert (ACE) standard will enable enterprises to define security compliance configurations in standard XML (ACEML), across multiple platforms and operating systems in their organization. ACE then monitors for compliance and alerts on any lapses. The potential benefits to enterprises in cost savings and guarantees of maintaining compliance are enormous. ACE complements, rather than competes with, the work in NIST/NSA/DHS, COBIT, ISO, PCI, and OASIS.
SOA & Security
This project is a collaboration with our Open Group Service Oriented Architectures (SOA) Work Group, to evaluate what additional security considerations SOA environments demand, with the aim of developing a Best Practice Guide for SOA architects and practitioners who need to design and implement secure SOA environments.
Secure Mobile Architectures (SMA)
The ability to maintain continuous connectivity in a mobile environment is critical in a number of application environments, including manufacturing flow lines, and safety-critical SCADA environments. We are liaising with the PCI Forum, ARC, SANS Institute, ISA, and TCG-TNC to identify the common technologies which need a standards-based solution.
More on Secure Mobile Architectures (SMA)
Trust Management - Confidence Model
The high-level vision is to define common levels of sensitivity and classification of data as an industry standard, and to specify responsive protection mechanisms that will assure the secure handling of that data.
More on Trust Management - Confidence Model
Secure Enterprise 2.0
Analysts list "consumerization of the enterprise" as one of today's most important corporate IT trends. In fact, consumer (i.e., "Web 2.0") technologies are already finding their way into the enterprise, often without the approval of corporate IT management. This Working Group is addressing how to secure Web 2.0 for enterprise business use.
