The Open Group’s Security Forum recently published two white papers of interest to FAIR practitioners, on applying FAIR to threat intelligence and to patient information risk.
The first is a white paper describing how to relate and use Open FAIR and the Risk Taxonomy Standard with STIX, a popular threat intelligence expression language.
This white paper provides guidance for closing the gaps between the methods and tools used to respond to information system attacks and those used for defense.
Written by longtime Open Group member Chris Carlson, the paper provides an alignment between terminology and elements used in the Open FAIR standards, and domain objects and definitions found in STIX. The paper also explores data relationships between Open FAIR and STIX, and it gives guidance for data integration between the two standards.
Given the obvious connection between threats, tools providing threat intelligence, and the analysis of cyber risks, the white paper will be of value to those working in risk analysis or security threat intelligence.
Download the Open FAIR-STIX Integration paper (minimal registration required).
The second paper, also produced by members of the Security Forum, is a just-published case study on using Open FAIR to analyze risks associated with healthcare patient information transmission over the internet.
The Norwegian health system requested and sponsored the paper, which looks at the actual risk posed by in-home dialysis care and associated data transfer to care providers. Of particular note is that this paper was produced by student interns at San Jose State University, who receive training on Open FAIR in classes offered by the Economics Department.
Download the case study paper Putting Open FAIR™ Risk Analysis into Action.
Lastly, the Security Forum has two additional projects underway related to the Open FAIR standard. These include the Open FAIR Process Guide, which provides guidance on how to conduct risk analyses using the methodology, as well as a basic Open FAIR spreadsheet analysis plug-in tool that will provide students (in academic and corporate training settings) with a useful way to gain experience in using Open FAIR to conduct risk analyses. Both of these projects are expected to be approved and then published this fall.
For questions on the Open FAIR standard, the Open FAIR certification for people program, or current Open Group activities and projects, please visit the Open Group Open FAIR page on our website.
STIX is a trademark and standard of OASIS. Open FAIR is a trademark of The Open Group.