Name: Cyber Security Work at OMG - Task Force Levels
Start: 2016-10-18T15:00:00Z
End: 2016-10-18T15:45:06.000Z
Location: BrightTALK

The Object Management Group® (OMG®) is an international, open membership, not-for-profit technology standards consortium. Founded in 1989, OMG standards are driven by vendors, end-users, academic institutions, and government agencies.

One more time: Why Software Security Is Not Different from Software Quality

John Keane, the Software Angel of Death, will conduct a no-holds-barred webinar on why Software Security Is Not Different from Software Quality.  

The presentation is primarily oriented to those who are so focused on Cybersecurity that they overlook the need to focus on quality software and the inherent need to produce software that satisfies the mission as well as be secure.

- Historical examples will be provided
- An assessment of selected standards with their known capabilities AND limitations will be discussed 
- An in-depth discussion of Software Assurance will be used to tie security to quality/operability

The primary purpose is to prove that the objectives of software quality and software quality are equivalent and that, in many cases, developers can achieve both through the implementation of single rules/principles. 

CISQ & OMG software standards are important to preventing poor software practices from crippling IT Enterprise systems both at the federal and commercial levels. 

About the presenter:
John Keane is recently retired from the Civil Service. He is more widely known in the software assurance community as the “Software Angel of Death.” He has more than 40 years of experience both as an active-duty officer (retired LTC and Viet Nam veteran) and civil servant.

Why Software Security Is Not Different from Software Quality

In this brief fireside chat Denis Gagne, CEO & CTO, Trisotech, will discuss the three specifications that make up BPM+, BPMN, CMMN, and DMN.

Join us for our next virtual coffee discussion on June 1st, 3:30-4pm CT, Getting Started with BPM+. No registration is required! 

Webex URL: https://organization.webex.com/organization/j.php?MTID=m1899c439a8dbad32d287ef10ac6ac2bd

Meeting Number: 160 811 9188
Password:  AVp3rq7uXE2
Phone Number: +1-408-418-9388 United States Toll
Global Call-in Toll Numbers

Previous topics have been:

• BPM+ Health and CQL
• BPM+ Health and FHIR
• BPM+ Health and HIE
• Accelerating Learning Health Systems

Contact info@bpm-plus.org to get involved with the community or to submit an upcoming topic!

More information at bpm-plus.org

Fireside Chat: Overview of BPMN, CMMN, DMN

Presentation delivered to the Cloud Working Group on March, 23 2022. This includes an update on standards work within ISO and other standards development organizations, followed by a description of the work of ISED (Innovation, Science and Economic Development Canada) on cloud resiliency in the Canadian and international context.

Canadian & International Cloud Resiliency

This workshop will introduce NASA Jet Propulsion Laboratory's (JPL's) openCAESAR Project and its ontological approach to systems modeling and analysis. It will focus on the Ontological Modeling Language (OML), its authoring and analysis tools and its workflows. It will provide the background and motivation for developing the approach at the JPL and its adoption by several space projects. In addition, a case study will be presented and used to demonstrate the approach and motivate discussion.

NASA JPL openCAESAR Workshop

Join the Consortium of Information and Software Quality (CISQ) on April 6th, 2022, 3:00pm CST - 4:00pm CST to learn how to manage the trustworthiness and dependability of systems acquired through your supply chain. 

Learning Objectives:
- Learn how to leverage CISQ measures  to reduce risk in your contacts & SLAs
- How to certify software and its level of risk
- How to manage the quality of the software you are receiving from a supply chain
- Learn about the use of Software Bill of Materials (SBOM) in a software supply chain

About the Presenters:

Robert A. Martin, Senior Principal Engineer at the MITRE Corporation, has dedicated his career to solving some of the world’s most difficult problems in systems and software engineering. His work focuses on the interplay of risk management, cyber security, and quality assessment and assurance. For 23 years, Robert has applied his expertise to international cybersecurity initiatives such as CVE, CAPEC, and CWE, which host large active vendor and research communities, and is now working on standardizing the Software Bill of Materials (SBoM) and the supply chain security System of Trust™. 

Dr. Bill Curtis is CISQ’s Executive Director. Dr. Curtis led development of the Capability Maturity Model (CMM) at the Software Engineering Institute at Carnegie Mellon University. Dr. Curtis is an active participant in ISO JTC1 SC7 WG6 for Software and System Product Measures. In 2007, he was elected a Fellow of the IEEE for his career contributions to software process improvement and measurement.

Managing Trustworthiness & Dependability of Systems Acquired Via Supply Chain

Abstract: The Space DTF encourages OMG specifications to create standards in the space technology field and encourages the development and use of Model Driven Architecture® (MDA®). To date, the OMG’s Space DTF approved and published:
• XML Telemetric and Command Exchange™ (XTCE™)
• Ground Equipment Monitoring Service™ (GEMS™)
• Satellites Operations Language Metamodel™ (SOLM™) 
• XTCE Profile for US Government Satellites™ aka GovSat (XUSP™)
• Command & Control Mission Services™ (C2MS™) (i.e., NASA's Goddard Mission Services Evolution Center (GMSEC) program to coordinate ground and flight data systems) 
• CubeSat Systems Refence Model™ (CSRM™) – a logical model that utilizes SysML to create various sizes of CubeSats and satellites and can progress to a physical model. CSRM was coordinated with INCOSE. Beta version available.

Bio:  As Senior Vice President, Steve’s primary purpose is to support the OMG’s government and industry activities. His secondary focus is continued development of all OMG Programs (AREA, BPM+Health, CISQ, DTC and IIC). He retired from the United States Air Force after 27.5 years of service. Upon retirement, he consulted the DoD, Department of Energy, government agencies, Services, Fortune 200 companies as well as large, medium and small companies. He also served as the Vice Chairman of the Board for PrismTech Solutions Americas and a Military Advisor to the United Arab Emirates. His career spans contracting, financial and program management for air, land, sea, and space-based platforms along many areas of the Battle Management Command, Control, Communications Intelligence, Surveillance and Reconnaissance (BM-C4ISR) kill chain.

2022 GSAW: Driving Innovation for Enterprise Integration

Abstract: When the historic winter storms hit Texas in February 2020, the biggest problem was the lack of winterization of the renewable and fossil fuel-based generation systems. All the of the systems failed to various degrees. So why weren’t these systems winterized? Mostly it was a lack of incentives. The government provided no financial incentives and did not mandate winterization. These winter storms were once-in-a-century events, and there was no business case with reasonable ROI to winterize. Companies that did manage to operate sold power and gas for up to 400% more than normal due to the lack of supply and increased demand. So, there was a built-in disincentive to
not invest. This presentation will look at the risks, opportunities and drivers of the Texas electric grid, what caused it to fail and incentives to succeed in the future. We will also examine incentive systems gone wrong such as the Cobra Effect.

2022 UAF Summit: Drivers Risk Opportunity Resilience & the 2021 TX Grid Failure

Abstract: Capabilities, the lifeblood of an enterprise, can be managed effectively using portfolio management techniques. Capability roadmaps are commonly used to manage the deployment of new and improved capabilities to address key drivers and challenges that the enterprise faces. This presentation demonstrates how MBSE can enhance an organization’s ability to plan for capability deployments, as well as the ability to more effectively manage its portfolios of facilities, people, processes, services, systems, technologies and other key enablers for the fielded capabilities. Specific enterprise modeling elements that can facilitate capability planning and portfolio management are also described. These new modeling elements are being incorporated into the next UAF update.

Bio: James N Martin is the INCOSE representative to the UAF Revision Task Force with OMG and was lead editor for the ISO 42020 standard on Architecture Processes. He is an Enterprise Architect and a Principal Systems Engineer at The Aerospace Corporation developing solutions for information systems and space system enterprises. He was a key author on the BKCASE project in development of Enterprise Systems Engineering articles for the SE Body of Knowledge (SEBOK). Dr. Martin led the working group responsible for developing ANSI/EIA 632, a US national standard that defined the processes for engineering a system. He previously worked for Raytheon Systems Company and AT&T Bell Labs on airborne and underwater systems and on communication systems. His book, Systems Engineering Guidebook, was published by CRC Press in 1996. Dr. Martin is an INCOSE Fellow and was leader of the Standards Technical Committee. He was founder and was until recently leader of the Systems Science Working Group. He received from INCOSE the Founders Award for his long and distinguished achievements in the field.

2022 UAF Summit: Architecture-based Portfolio Management Using UAF

Abstract: Current functional safety standards tend to focus on single individuals (e.g., vehicles, machines). A project named Model Based Risk Assessment Safety Analysis (MBRASA) was initiated to study hazard analysis for system of systems. This presentation will discuss 1) how hazard analysis can be performed based on UAF models of specific system of system concepts, 2) how an extended hazard and risk analysis methodology can be facilitated by using the extrapolated system definition model and 3) how safety cases for models of the early phases can be used to facilitate swifter progress in getting systems ready for certification. Two model examples will also be described: 1) logistics facility and 2) truck platooning.

Bio: Lars-Olof Kihlström is a principal consultant at the Swedish consultancy company Syntell AB. He has a degree in Physics Engineering from the Royal Institute of Technology in Stockholm. He has been working with Model based system design and engineering for more than 40 years using a variety of tools. Since 2005 his engineering work has largely dealt with architecture models and architecture frameworks. He was a member of the team responsible for the NATO architecture framework version 3 and 3.1, has in depth knowledge of MODAF DoDAF 2 and NAF version 4 and has been a member of the UPDM/UAF group since the work for the OMG standard of the framework started.

2022 UAF Summit: Hazard Analysis with The Aid of UAF Models

Abstract: Capabilities, the lifeblood of an enterprise, can be managed effectively using portfolio management techniques. Capability roadmaps are commonly used to manage the deployment of new and improved capabilities to address key drivers and challenges that the enterprise faces. This presentation demonstrates how MBSE can enhance an organization’s ability to plan for capability
deployments, as well as the ability to more effectively manage its portfolios of facilities, people, processes, services, systems, technologies and other key enablers for the fielded capabilities. Specific enterprise modeling elements that can facilitate capability planning and portfolio management are also described. These new modeling elements are being incorporated into the next UAF update.

Bio: Kristi is a senior manager and business analyst with Lockheed Martin Corporation’s Center for Industry and Market Analysis. She has performed several business development and analyst roles providing decision support to Lockheed Martin’s worldwide Aerospace and Defense portfolio since joining the Lockheed Martin team seven years ago. She also retired after 20 years in uniform in the U.S. Air Force, combined Active Duty and Reserve, as a defense weapon system acquisition professional. Kristi holds a Bachelor of Science degree in military history from the U.S. Air Force Academy and a Master of Arts in International Affairs from Tufts University’s Fletcher School of Law and Diplomacy along with DAWIA certifications in program and test management.

2022 UAF Summit: Using Architecture to Spark Innovative Thinking

Abstract: There is an ongoing effort in both the commercial industry and the Department of Defense (DoD) to digitally represent Information Technology (IT) enterprise architectures. These digital models aim to capture and elicit the tacit knowledge of these architectures into a form that is precise and exploitable by systems engineers, software engineers, data scientists and data engineers. We wish to not only document the architecture in a more formal manner, but also to interrogate these models for insight and execute what-if scenarios. However, this only works if the models accurately address the needs of the stakeholders and are well-formed. The challenge in this knowledge transfer often lies in the broad spectrum of stakeholder groups (aka tribes) inherent in any domain that is categorized as a utility-minded infrastructure or support. Each of these tribes have their own interpretation of concepts within their domain that cause conflicting use and understanding of the same concept. For example, one person’s metadata is another person’s operational data model. How do you accommodate multiple stakeholder viewpoints where each is equally valid? How do you distill down tribal vernacular to the essential knowledge in a precise, coherent and multi-viewpoint consistent way? Having a form or lens (i.e., perspective or viewpoint) to look through is paramount in making an intractable problem tractable. Fortunately, the UAF established such a framework that brings rigor to the problem through numerous views and viewpoints and robust tool support. However, using the UAF can be like bringing a tank to a knife fight. Furthermore, the rigid framework can seem overly confining and limit expressiveness. This presentation will explore via a case study the good, the bad and the ugly of transferring tacit tribal knowledge within the IT domain using the UAF.

2022 UAF Summit:  Transferring Tacit Knowledge from IT Tribes to a Digital Model

Abstract: This presentation will demonstrate how the combination of the Unified Architecture
Framework Profile (UAFP) and the Risk Analysis & Assessment Modeling Language (RAAML) can facilitate cybersecurity risk analysis, ensuring that cybersecurity risks are addressed in the same model as the system architecture.

2022 UAF Summit: Analyzing Cybersecurity Risk Using UAFML & RAAML

Abstract: The NATO Architecture Framework Version 4 (NAFv4) was published in January 2018. Instead of using a proprietary meta-model, NATO selected two existing ones in the creation of NAFv4 compliant architectures. One of these is OMG’s UAF DMM. During the OMG Technical Meeting in June 2019, Christian outlined the way ahead implementing a NAFv4-based adaptation of the UAF DMM (NAF@UAF) in NATO and the German armed forces. In this presentation at the OMG Summit in March 2022, Christian will provide an update of the current state of migration (from NAFv3.1 to NAFv4@UAF) as well as the development and use of NAFv4@UAF concepts and tools.

Bio: Christian Freihoff works for the German Federal Office of Bundeswehr Equipment, Information Technology and In-Service Support (BAAINBw) as an IT Architect and National Lead Expert for the NATO Architecture Framework (NAF). He achieved, drove and supported significant developments to improve the use of Architecture in the German armed Forces (Bundeswehr). He serves NATO’s Architecture Capability Team (ACaT) as the custodian of the NAF, lead of the training development syndicate and carrier of several tasks and workstrands.

2022 UAF Summit: NATO Architecture Framework & The OMG UAF DMM

Abstract: AGVRA is the Reference Architecture for Autonomous Ground Vehicles that will provide architectural guidelines and best practices, business and technical, for the Army Robotics and Autonomous Systems (RAS) community. AGVRA 3.0 consists of a suite of nine interoperable domain specific reference architectures that cover the design problem all the way from the organizational capabilities down to low-level details of the brake actuators in a combat vehicle. In addition to giving an overview of AGVRA itself, this presentation will cover the top two layers of the AGVRA suite: Large Unit Mission (LUM) based on UAF and Small Team Task Model (STM) based on SysML. Finally, we will conclude with a brief discussion of some of the practical tooling challenges we encountered in doing this work as well as some related fundamental digital engineering challenges
that could benefit from the attention of the OMG community.

Bio: Shannon has twenty years of experience in Systems Engineering in both automotive and defense domains. His experience includes numerous electromechanical devices and shift by wire actuators from multiple perspectives including safety, quality and electrical engineering. Shannon has a B.S.E. in Electrical Engineering from Kettering University (formally known as GMI) located in Flint, Michigan. He lives with his wife and three children in a suburb of Detroit, Michigan.

Bio: David is a Principal at System Strategy, Inc. David has over thirty years of experience in Software and Systems Engineering in multiple domains. David has experience in automotive radar design, software safety for offshore oil rigs, infotainment software design, and ISO 26262 functional safety. David is the author of the SysML for Beginners book series and speaks both Japanese and German fluently. David received a BA in Mathematics from the University of California San Diego and an MBA from the University of Texas McCombs School of Business.

2022 UAF Summit: Using UAF to Define Army Vehicle Architectures

Abstract: This presentation will focus on the lessons learned as a large organization shifts its culture to adopt and embrace enterprise architecture as an integral part of systems engineering. To take full advantage of architecture, it is not enough to have a few highly-skilled individuals with tool access to create architectural products: an organization must be permeated with an understanding of architecture across the workforce for the true value to be realized. Everywhere within the organization there needs to be people with varying levels of architectural skills. For architecture to
be truly adopted, your organization needs champions, highly-advanced architects, and those who provide inputs. Architecture is not just for architects. It is for all areas of an organization and workforce development is pivotal in adopting it.

Bio: Erin is the Supervisor for the Architecture, Requirements, and Modeling for C4I and Enterprise Systems as well as the MBSE Training Lead at Naval Information Warfare Center, Atlantic where she has worked for more than 10 years. She has performed multiple Systems Engineering, Architecture, and Requirements roles at the command. She also retired after 21 years in uniform in the Navy, combined Active Duty and Reserve, as a Human Resources Officer. Erin holds degrees in Mechanical Engineering, a Master’s in Aeronautical Science with a specialty in Space Studies, and an MBA. She is a Certified System’s Engineering Professional (CSEP), OCSMP Modeling Professional, and a Professional in Human Resources (PHR).

2022 UAF Summit: Empowering Enterprise Adoption Through Workforce Development

Learn from BPM+ Health Member and Ambassador Ken Allgood, Co-founder and CEO, HealthFlow.io in a brief discussion on BPMN and health information exchange using BPMN.

BPM+ Health is a community initiative to improve the quality and consistency of healthcare delivery. It will achieve this by applying business process modeling standards to clinical best practices, care pathways and workflows directly at the point of care. It is a cross-discipline group of professional organizations, clinical societies, and healthcare providers working together to develop and pilot standards-driven healthcare process automation techniques to fully realize the benefits of Healthcare IT.

Health Information Exchange & BPM+ Health

Accelerate Learning Health Systems with BPM+ Health
This special event is open to members and non-members interested in learning more about the process of authoring and adopting shareable, standards-based clinical pathways in healthcare.

Accelerate Learning Health Systems with BPM+ Health | BPM+ Health Workshop

Prepare for 2022 and join us to review the highlights and 2021 findings of our widely discussed 2020 Cost of Poor Software Quality report. 



We'll also discuss our DevQualOps model and how to leverage it to collect the data necessary to quantify the Cost of Poor Software Quality in your organization.

Cost of Poor Software Quality Report 2022 Update

Cyber threats facing a nation's critical infrastructure, mission-critical systems, or any Internet of Things (IoT) system, demand a cyber infrastructure that matches their combined enormity and complexity. Risk management solutions must be capable of understanding intricate attack patterns and assessing complex vulnerabilities to give stakeholders confidence in their system's ability to withstand malicious attacks.

Currently -- understanding, assessing and managing the risks of complex cyber and/or cyber-physical systems is a very costly and challenging task that requires the expertise of well-trained and seasoned security professionals, a scarce commodity. The traditional approach to risk assessment relies primarily on informal inputs such as documentation and personnel interviews, making this approach subjective, non-comprehensive, non-repeatable, and prone to inaccuracies about the true nature of risks and vulnerabilities involved.

OMG's C4I Task Force Request For Information (RFI) is currently open for response “Cyber Security Protection for Front Line Real-Time Systems RFI” seeking input on  a)  How to develop Standards to move Tool/Integration community forward to reduce costs and focus on higher quality system development b)  What area of standards can be addressed to reduce cost in developing Cyber Security solutions and designs for systems and c) What can be done to integrate current standards that will allow standards based tools to better support design, development and life-cycle support to reduce costs and control costs.

We welcome you to join the conversation.

Cyber Security Work at OMG - Task Force Levels

cybersecurity

security

threat

risk

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

The IT project management community on BrightTALK includes thousands of IT project and portfolio management professionals. Find relevant webinars and videos on agile methodologies, scrum strategy, project management processes and more. Attend live webinars or view on demand content presented by recognized thought leaders in the IT project management industry.

IT Project Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Thousands of healthcare IT professionals compose the health IT community on BrightTALK. Learn alongside them with relevant webinars on healthcare IT compliance, big data in healthcare and IT solutions for healthcare organizations. Join the conversation by asking questions and engaging with other participants during live webinars and organized discussions.

Health IT

The research and development community on BrightTALK brings together leading professionals in healthcare, technology and manufacturing to present on current topics in their fields. From big data in healthcare to online forensics training and medical research practices, the community is an exceptional resource for those looking to expand their knowledge. Be part of the conversation by joining the community and participating in interactive live webinars.

Cyber Security Work at OMG - Task Force Levels

Presented by

About this talk

More from this channel