
Active Loss Prevention: A business approach to IT Security and Risk Management. Mike Lambert, Vice President. Mobile +1 650 888 2469 GSM. 12 November 2018.


1 Active Loss Prevention: A business approach to IT Security and Risk Management
Mike Lambert, Vice President. Apex Plaza, Forbury Road, Reading, RG1 1AX. 12 November 2018. (C) The Open Group 2003

2 Agenda
The Open Group. Security in The Open Group. Active Loss Prevention.

4 The Open Group is . . .
A global consortium committed to delivering greater business efficiency by bringing together buyers and suppliers of information technology to lower the time, cost and risk associated with integrating new technology across the enterprise.

The Open Group is a global consortium of buyers and suppliers of IT products and services, who are dedicated to enabling the delivery and procurement of IT products that interoperate. We call this interoperation “boundaryless information flow™”.

5 Statistics
Customers: Banks, Financial Services, Lawyers, Government Departments and Agencies, Manufacturers, Retail. Suppliers: Systems Vendors, Middleware and Applications, Integrators, Architects. 200 Member Organizations. 6000 Participants. 17 Countries. Combined procurement influence >$50bn pa.

Founded in 1986 as X/Open, The Open Group has been around for a while. We have 65 staff and 3 offices: 1 in Reading, UK, 1 in San Francisco, CA and 1 in Woburn, MA. The Open Group has approximately 200 members and 6,000 participants in 17 countries, representing a combined procurement influence of > $50 billion per annum. The Open Group has Regional Chapters in: Australia & New Zealand, China & Hong Kong, India, Italy, Japan, Korea, Portugal, UK. The Open Group is the owner of the UNIX® trademark.

6 Problems from …
[Diagram: operational processes (Procuring, Manufacturing, Legal, Finance, Assembling, Customer Support, Selling) across the External “In” Space, the Internal Space and the External “Out” Space, with the systems behind them (Procurement, Design, Online, ERP, Requirements). Caption: Need to integrate and optimize processes.]

Let’s step back and take a look at the driving force for the need. There is the business imperative to optimize for operational efficiencies or competitive advantage. This comes about for many reasons: a company has had a merger and needs to integrate processes, a company has re-organized, generating a need to integrate processes, or there is a need to optimize the entire value chain. Whatever the case, the processes subject to scrutiny can be categorized as buy-side processes, internal processes that do the magic, and sell-side processes. The processes listed in each category are not complete but are typical.

The need for organizations to have Boundaryless Information Flow™ stems from the need to improve operational efficiencies. Business processes must be integrated horizontally and vertically to improve operational efficiencies. However, the systems supporting those business processes present obstacles because they contain multiple self-contained or point solutions where information is not currently (and cannot easily be) shared; that is, there is a lack of integrated information. Additionally, access to the information in the multiple systems is provided by point solutions that don’t easily and readily submit to requests from other access paths. Note that these problems aren’t merely about information technology: they start with business issues and business policies, and are sometimes supported by information technology. The barriers that must be broken down are at both the business and technical levels.

7 Actually Want This…
[Diagram: Processes (Procuring, Manufacturing, Legal, Finance, Assembling, Customer Support) across the External “In” Space, the Internal Space and the External “Out” Space, above Systems (Procurement Systems, Requirements Systems, ERP Systems, Design Systems, Online Systems).]

But looking at the details, even in an oversimplified way, one can see that the “systems” supporting these processes are not single systems: there are many. In order to get the operational efficiencies, a level of integration must occur at 2 points. Integrated information must be available to provide a single view of information within a given vertical area such as procurement, requirements, or enterprise resource planning information. Additionally, to support end-to-end process improvements, an integrated view must be provided horizontally. These two points are integrated information and access. Note that these systems need not be technology systems; they can be organizational systems. The need to integrate the information and provide access exists regardless of the level of computer technology that exists in the environment.

8 But Have This
[Diagram: Processes (Procuring, Manufacturing, Legal, Finance, Assembling, Customer Support) across the External “In” Space, the Internal Space and the External “Out” Space, above Systems (Procurement Systems, Requirements Systems, ERP Systems, Design Systems, Online Systems).]

9 Vision
Boundaryless Information Flow™ achieved through global interoperability in a secure, reliable and timely manner.

The Open Group’s Vision, and Mission, related to Boundaryless Information Flow™ is based on the customer’s problem statement which says that I (as the customer) could run my business better if I could gain operational efficiencies improving the many different business processes of the enterprise, both internal and spanning the key interactions with suppliers, customers, and partners, using integrated information and access to that information. Please see the next slide to explain what Boundaryless Information Flow™ is.

10 Mission
To drive the creation of Boundaryless Information Flow™ by:
Working with customers to capture, understand and address current and emerging requirements, establish policies and share best practices;
Working with suppliers, consortia and standards bodies to develop consensus and facilitate interoperability, to evolve and integrate open specifications and open source technologies;
Offering a comprehensive set of services to enhance the operational efficiency of consortia; and
Developing and operating the industry's premier certification service and encouraging procurement of certified products.

One of the key drivers in the development of The Open Group’s Vision is the need, expressed by our members (and others), to “create a worldwide market for interoperable IT products supporting access to integrated information, in which all stakeholder needs are addressed”. As a consortium itself, The Open Group is unique in working with both customers and suppliers, as well as other consortia and standards bodies, to develop specifications for the interoperability of IT products, both hardware and software. And we go further by offering testing and certification services to ensure compliance with those standards. Helping to develop Boundaryless Information Flow™, and deliver it too. We offer a comprehensive set of Consortia Services to help other consortia to operate their own programs efficiently.

11 Agenda
The Open Group. Security in The Open Group. Active Loss Prevention.

12 Boundaryless Information Flow™ - Technical Taxonomy
[Diagram: Application Platform containing Information Consumer Applications, Brokering Applications, Information Provider Applications, Development Tools and Management Utilities, framed by the Qualities: Security, Mobility, Performance, Manageability.]

The current view of the architecture reference model for Boundaryless Information Flow™ is depicted here. This picture was derived from the business issues already presented. First, we understand that there are human and computing actors in the business environment that need information. These are information consumers. Second, we understand that there are human and computing actors that have information, and these are called information providers. Information consumers need technology services to help them request information. Information providers need services to help them liberate the information in their control. Thus we have information consumer services and information provider services.

Additionally, we have established that there are numerous types of information consumer and information provider, much like in the stock market industry, where brokers serve the purpose of helping information consumers get access to all the information they need from all the different information providers. Thus we have Brokering services in the reference model. Additionally, in the business environment we understand there are development organizations, outsourced or in-house, and there are management organizations. These organizations are supported by tools and utilities to develop and manage the information services already discussed.

Also, in the business environment we know that people and information are spread out and mobile. Therefore there is a need for a phone book, a directory. This is provided to the tools, utilities and services through the directory services in the reference model. Finally, the business environment must be secure, is mobile, must perform to meet the business needs, and must be manageable. This is depicted by the associated qualities that the reference model must support. Again, this reference model is focused on only those tools, utilities and services that develop, manage, or provide access to integrated information. It assumes an underlying technology platform of operating systems, networks, and middleware.

13 Current Security Activities in The Open Group
Active Loss Prevention Business Context Risk Vocabulary Identity Management PKI Guidelines & Management Secure Mobile Architecture ML Security For Real-time Security Guides For Managers Security Design Patterns Access Control Trust Services Secure Messaging

14 Agenda
The Open Group. Security in The Open Group. Active Loss Prevention.

15 The Goal
To reduce the incidence and impact of loss that occurs as a result of unauthorized activity in information systems within and between organizations

16 The Driver
Participation in eCommerce is an imperative for many enterprises.
Known Rewards: Increased Revenue, Customer Relations, Reduced Costs.
Unknown Risks.

17 The Approach
Business oriented approach to understand risks and integrate into overall risk management.
Technically oriented activities to provide necessary levels of trust.

18 Customer Requirements
Vocabulary of risk terms: A set of terms that can be used to accurately communicate risk information.
Liability: Examples: Standard contract terms, model law, model regulation, standard terms of business etc.
Actuarial Data: Enable the insurance industry to assess risk, cost, frequency of events, severity etc.
Trust Services: Technical services that will be needed to deliver the requirements of other groups.

19 The Fire Department Model
Prevent fires from starting: Approved architecture. Certified materials and building methods. Regular inspection.
Prevent fires from spreading: Heat/smoke detectors. Fire fighting equipment. Trained fire-fighters.
Limit potential loss when they do start and spread: Fire breaks. Fireproof safes. Insurance.

20 How does this apply to IT security
Prevent fires from starting: Approved architecture. Certified components and integration methods. Real-time establishment of trust.
Prevent fires from spreading: Application/system instrumentation to allow early detection of abnormal behavior. Real-time sharing of system/application status. Trained fire-fighters.
Limit potential loss when they do start and spread: Firewalls. Backups. Insurance.

21 Active Project Areas
Vocabulary of Risk Terms - accurately communicate risk information between the various professions involved in managing a business.
Liability - determine standards and best practices for standard contract terms, model law, model regulation, negotiation terms, standard terms of business etc.
Actuarial Data - define the data that the insurance industry will need to gather in order to build actuarial data, assigning frequency, severity and normalizing the data across industries.
Trust Services - specify technical support needed for business best practices.

22 Some quotes
“Trust … … but verify” Ronald Reagan
“Trust is essential to business - security just gets in the way”
“It is good to trust … … it is better not to” Sholom Bryski

23 Mike Lambert, Vice President
Apex Plaza, Forbury Road, Reading, RG1 1AX

