FAIR Institute Blog

New Studies on FAIR for Threat Intelligence, Patient Information from The Open Group

Jul 12, 2017 8:00:00 AM / by Jim Hietala


The Open Group’s Security Forum recently published two white papers of interest to FAIR practitioners, on applying FAIR to threat intelligence and to patient information risk.

The first is a white paper describing how to relate and use Open FAIR and the Risk Taxonomy Standard with STIX, a popular threat intelligence expression language. 

This White Paper provides guidance for closing the gaps between the methods and tools used to respond to information system attacks and those used for defense.

Written by longtime Open Group member Chris Carlson, the paper provides an alignment between terminology and elements used in the Open FAIR standards, and domain objects and definitions found in STIX. The paper also explores data relationships between Open FAIR and STIX, and it gives guidance for data integration between the two standards.

Given the obvious connection between threats, tools providing threat intelligence, and the analysis of cyber risks, the white paper will be of value to those working in risk analysis or security threat intelligence.

Download the Open FAIR-STIX Integration paper (minimal registration required).  

The second paper, also produced by members of the Security Forum, is a just-published case study on using Open FAIR to analyze risks associated with healthcare patient information transmission over the internet.

The Norwegian health system requested and sponsored the paper, which looks at the actual risk posed by in-home dialysis care and associated data transfer to care providers. Of particular note is that this paper was produced by student interns at San Jose State University, who receive training on Open FAIR in classes offered by the Economics Department. 

Download the case study paper Putting Open FAIR™ Risk Analysis into Action. 

Lastly, the Security Forum has two additional projects underway related to the Open FAIR standard. These include the Open FAIR Process Guide, which provides guidance on how to conduct risk analyses using the methodology, as well as a basic Open FAIR spreadsheet analysis plug-in tool that will provide students (in academic and corporate training settings) with a useful way to gain experience in using Open FAIR to conduct risk analyses. Both of these projects are expected to be approved and then published this fall. 

For questions on the Open FAIR standard, the Open FAIR certification for people program, or current Open Group activities and projects, please visit the Open Group Open FAIR page on our website.

STIX is a trademark and standard of OASIS. Open FAIR is a trademark of The Open Group.




Topics: FAIR


Written by Jim Hietala

Jim Hietala, Open FAIR, CISSP, GSEC, is Vice President, Business Development and Security for The Open Group, where he manages the business team, as well as Security and Risk Management programs and standards activities. He has participated in the development of several industry standards including O-ISM3, O-ESA, O-RT (Risk Taxonomy Standard), O-RA (Risk Analysis Standard), and O-ACEML. He also led the development of compliance and audit guidance for the Cloud Security Alliance v2 publication. Jim is a frequent speaker at industry conferences. He has participated in the SANS Analyst/Expert program, having written several research white papers and participated in several webcasts for SANS. He has also published numerous articles on information security, risk management, and compliance topics in publications including CSO, The ISSA Journal, Bank Accounting & Finance, Risk Factor, SC Magazine, and others. An IT security industry veteran, he has held leadership roles at several IT security vendors. Jim holds a B.S. in Marketing from Southern Illinois University.

