Overview
The Open Group Conference Amsterdam 2010 began Monday, October 18 at the NH Grand Hotel Krasnapolsky. The conference gathered to discuss themes along three primary tracks:
- Cybersecurity – architectures for managing uncertainty
- Transforming EA into a business discipline – aligning the practice of EA with the requirements of business decision-making
- Cloud computing – the business impact of cloud computing
Morning Plenary
The theme for Day One was cybersecurity – a theme that created a huge amount of debate and discussion. Plenary session presentations in the morning tended to fall around three central topics: trust, collaboration, and the relationship between government and enterprise.
Keynote: Towards A Modernized Network and Information Security Policy in Europe
Andrea Servida, Deputy Head of the Internet, Network and Information Security Unit, Information Society and Media Directorate-General, European Commission
Following a brief introduction from Allen Brown, President & CEO, The Open Group, Andrea addressed the conference remotely after train strikes in Brussels made it impossible for him to travel to Amsterdam. He explained how the European Commission is slowly but gradually ensuring EU member states work together to address the issues and challenges surrounding information security.
Information security, he explained, was defined by the EC in 2001 as: “The ability of a network, or information system, to resist at a given level of confidence accidental events or malicious actions.” He went on to outline the EC’s drivers for developing information security policy. These included:
- Making security and resilience the front line of defense
- Developing a risk management culture in the EU
- Identifying socio-economic incentives
- Promoting openness, diversity, interoperability, usability, and competition
- The need for a global collaborative and operational approach
- The need to build a capability and policy framework for information security in Europe
After outlining key milestones that had been achieved by the EC, such as the founding of the European Network and Information Security Agency (ENISA) in 2004, Andrea discussed the EC’s motivations for a revised regulatory framework for e-communications. He commented that more reliable and secure e-communication was important not only for economic development but for society as a whole. He therefore stressed the importance of governments engaging with enterprises in a meaningful manner and outlined priorities including:
- Protecting Europe from large-scale cyber attacks
- Promoting a security and resilience culture
- Tackling cyber attacks and disruptions from a systematic perspective
In his concluding comments, Andrea stated that security is important because if there’s no trust there will be low use. He stressed that cooperation both between member states and private organizations is crucial in establishing this trust.
Trusted Technology Forum – Build with Integrity, Buy with Confidence
Andras Szakal, Director Software Architecture, IBM US Federal Software Group
Andras began his talk by announcing that The Open Group is establishing a new Forum – the Trusted Technology Forum (TTF) – to address changes to the IT landscape that have occurred in the past 10 to 15 years. The Forum will seek to identify and gain consensus on common processes, techniques, methods, product, and system testing procedures and language to describe and guide product development and supply chain management practices.
The Forum acknowledges the importance of establishing trust and will address questions including:
- What potential integrity risk may be inherited from supply chains?
- Which practices can mitigate potential risks of significant supply chain attacks?
- What software or engineering practices can help reduce product integrity risks?
The TTF has already attracted significant vendor interest, including big players such as Microsoft, and will adopt the tagline: "Build with integrity, buy with confidence". Andras explained the Forum is currently focused on developing a marked accreditation program and addressing global policy issues. When summarizing the activity of the Forum he stated that it has a realistic and progressive focus on addressing some of the major IT challenges facing organizations today.
He concluded that the TTF’s formation includes a call to action: Anyone interested in becoming part of this new Forum or learning more should contact Mike Hickey of The Open Group: m.hickey@opengroup.org.
CyberSecurity: What Seven National Governments are Doing
Nicolas Mansfield, Information Security Consultant, Organisation for Economic Co-Operation & Development (OECD)
Nicolas began by providing a brief overview of the work of the OECD, which he explained is an inter-governmental organization made up of 33 member countries committed to democracy and the market economy. He then touched on the issue of interoperability, which he described on a global level as having four levels:
- Technical
- Legal
- Policy
- Business process
Nicolas went on to talk about his involvement with the Working Party for Information Security and Privacy (WPISP) which he said aims to develop trust and consensus in the Internet and economy. The party’s focus areas include: cyber security, identity management, protection of children online, cloud, and cryptology.
He went on to discuss good practice for information security, which he believes should include:
- Clear policy and objective
- An approach that’s consistent with the culture of participants
- Visible support and commitment from leadership
- Good understanding through risk assessment and management
- Effective information sharing
- Comprehensive measurement and assessment
Nicolas pointed out the importance of "joined-up thinking" which should include integrating physical and IT security departments so that critical infrastructure issues may be tackled quickly. He also commented that countries need to acknowledge that it is not possible to make everything 100% safe and risk-free, so mapping out capabilities is crucial. This, he suggested, helps in identifying where there may be opportunities for cross-border collaboration.
Afternoon Tracks
In the afternoon, members had the opportunity to attend sessions on four separate tracks. Tracks focused on:
- Security architecture
- TOGAF™
- SOA
- Professionalizing the discipline of enterprise architecture
Professionalizing the Discipline of Enterprise Architecture
Paul Bonnie, Head of Enterprise Architecture Office, ING, The Netherlands
Paul kicked off the track with an engaging talk about a transformation program ING had undertaken to professionalize and mature its operations and IT organization. He explained that part of this program was the professionalization of the architect’s community under the three pillars of people, process, and technology.
At a process level, he explained that standardization was important since the organization was using various different frameworks. He went on to discuss how the organization adapted TOGAF™ as the basis for its enterprise architecture processes, and said the framework had inspired ING to develop its own processes. In the people pillar, various actions have been initiated, including the definition and rollout of an ITAC Profiling and Certification Program.
Paul went on to outline the value of certification to ING which included:
- Assuring the experience and knowledge of IT teams
- Allowing the team to speak with one "professional voice"
- Generating higher rates of productivity
- Delivering a consistent level of project execution
Before wrapping up his talk, he summarized some of the potential benefits to the professional, which include:
- Peer recognition
- Tangible career benefits
- Improvement of skills
- Visibility as a professional
Professionalizing the Discipline of Enterprise Architecture
Adam Thilthorpe, Director for Professionalism, BCS, the Chartered Institute for IT
Adam began his presentation by outlining how IT has fundamentally changed how businesses operate. Before discussing some of the benefits of achieving chartered status, he presented a maturity model and suggested that IT remains relatively immature as a profession. He then suggested that because IT is becoming more business-critical than ever, it’s crucial the profession matures quickly.
According to Adam, a Chartered IT professional (CITP) is someone who exploits IT to deliver business or equivalent advantage. Criteria include education and experience, breadth of experience, and specialist competence.
He also suggested that a chartered IT professional should add business value through use of technology and have a proven breadth of knowledge. He ended by explaining that the BCS is currently going through a mapping process with ITAC to see how it could fit in with its chartered process.
TOGAF™ and SABSA – Frameworks to Develop Security Architectures
John Sherwood, SABSA Institute (Sherwood Applied Business Security Architecture)
In this session, John explained that a new joint working group has been formed between The Open Group and the SABSA Institute to explore synergies between TOGAF™ and SABSA.
SABSA is a methodology for developing business-driven, risk-focused enterprise information security architectures. Essentially, he said, it’s about getting business risk prioritized.
He said the partnership has formed because those he had spoken to about it believed it was the only "rational choice". This, he said, was because SABSA is similar to TOGAF™ in that it’s business-driven rather than being driven by technical deliverables. He also explained that SABSA doesn’t compete with other standards; instead, it’s an overarching framework that can integrate with the existing standards organizations are using.
According to John, the standard has so far been widely adopted and accepted by major organizations across the world including the UK MOD, the Canadian Federal Government, NASA, ING Bank, Samsung Korea, Bank of Ireland, and the Dutch Ministry of Defense. He also talked a little about the SABSA Institute that is in the process of being established.
He concluded his presentation by focusing on semantics and how the IT security profession has a legacy reputation for being the business prevention department. This, he believes, is because of some of the language that’s traditionally been used to describe risks such as threat and loss. With SABSA, he hopes information security risks can be seen in a positive light.
TOGAF™ CAMP
Facilitator: Steve Nunn, COO, The Open Group
Day One in Amsterdam concluded with the first TOGAF™ un-conference to be held outside the US. Steve ran through the principles of an un-conference and facilitated the brainstorming of topics to be covered by members. Following some brainstorming, members split into three parts and debated issues surrounding:
- Enterprise interoperability
- Evaluation of the use of TOGAF™ in real practice
- Next generation of EA tools
The three groups will publish the results of their discussions on The Open Group open Wiki.