General Session - Monday
Protecting your Business and Operations, by Improving the Security and Dependability of your IT- including the Global Supply Chains on which they rely.
The current cybersecurity environment presents enormous challenges.
Large-scale security breaches in the retail, financial, utilities and health care sectors are far too commonplace. Challenges in cybersecurity point to fundamental issues in risk management, information security, supply chain security, protection of critical infrastructure, product dependability and assuredness in our IT systems.
As cyber incidents occur with greater frequency
across all sectors each day adding unpredictable costs and distracting
organization, business leaders are looking for more predictable methods of
managing risks and costs. By moving to an insurance based model,
organizations can formalize their acceptance of risk and "plan" for
significant incidents by buying insurance.
Risk, Dependability & Trusted Technology - Part 1
Vulnerability management used to be easy, but in the face of ever-more
complex environments and ever-more aggressive attackers, vulnerability
management has evolved dramatically over the years. Join Jack Daniel for this
tool-neutral look at the evolution of vulnerability management, from early
scanning, to modern management and continuous network monitoring.
Early vulnerability management happened at a leisurely pace, if at all.
Advances in vulnerability management came slowly for many years, but the pace
of improvement has increased dramatically, leaving many organizations behind
the current state of best practices. Challenges to improvement and methods
for solving the challenges will be included in this conversation.
In this presentation the latest techniques and technologies for scanning,
continuously monitoring, assessing and securing your computer systems and
networks will be presented. The latest enhancements in scanning and
monitoring provide more information than ever before; this requires more
robust, intelligent and scalable data aggregation, analysis and management
Simply gathering vast amounts of information is not enough; actionable
information needs to be readily accessible and easily discovered, and actions
need to be automated.
Information and Data Architecture
Today's data management and analytic principles, practices and capabilities
strip away the fidelity of the data that provides the meaning and context
that makes data valuable and useable. Without a composable data layer your
ability to get value from digital ecosystems and the Internet of Things is
unattainable. Big data lakes and analytics only get you so far. Smart data
and semantics, cognitive agents, and intelligent orchestration is key.
session will help data professionals:
Open Platform 3.0™ / The Business Context
Risk, Dependability & Trusted Technology - Part 2
With the increased global market growth for technological goods and components and everything from hardware, software, and firmware relying on these products, the need for cyber supply chain security is much more important in order to minimize the exploitation of vulnerabilities. The modern supply chain is a complex, global third-party network of suppliers, distributors, business partners, service providers, and customers that share business processes, develop technology, and distribute products used in creating, sharing, and distributing information.
Given this complexity, there is no such thing as impenetrable security. Vulnerabilities are introduced, intentionally or unintentionally, at any node in the global network, and can produce exploits used to gain unauthorized access to data, alter data, or interrupt enterprise communications. 76% of all data breaches result from a third-party which introduced the security deficiencies that were ultimately exploited. (Trustwave 2012, Global Security Report)
Companies are extremely concerned about vendors’ reputations with whom they partner. Reputational risk must be placed above cost when assessing a potential third-party supplier or service provider. The cost of new security controls must be justified by careful analysis of the risk profile (e.g., vulnerabilities, threats, and consequences) of a given component, the criticality of the target system, and the cost of the controls vs. the potential cost of omitting the controls. It is incumbent upon both the supply and demand sides of the supply chain to share the risk mitigation responsibilities.
Attendees will learn the following:
The explosion in IT is only possible because of global supply chains enabling global access to talent, innovative software and IT components from around the world. In attempting to assure security, multiple governments seek to impose complex, costly and duplicative, or worse, conflicting requirements on global suppliers. How do we get to "more secure" while not regulating the golden supply chain goose to an early grave?
This panel of subject matter experts will:
Open Platform 3.0™/ Specific Technology Approaches
Cloud Service capabilities have introduced a need to look at Governance Processes differently.
Companies want the flexibility and speed associated with Cloud Computing services, but their need for data security has only increased in this new model. Cloud Computing now allows for shared resources in ways not previously available. Social, mobile, analytics and cloud tools have changed how organizations interact with customers - which require them to react more quickly to changing customer needs and demands.
All of the above will drive a new approach to how governance processes arenbeing applied: balancing the need for more security standards as well as support for faster, more responsive updates - across multiple points of the shared resources in the business.
Business process transformation is and will be a constant change in the
digital journey of organizations. One of the most important aspects of a
winning enterprise strategy for digital workplaces will be the “Social”
As organizations are moving forward in their initiatives to integrate systems
of records and systems of engagement, they are realizing that along with IT
expertise, they also need to include the voice of stakeholders, end users and
employees in their digital transformation journey. This will help the real
stakeholders become true partners in the overall organizational
transformation to achieve business goals.
The inclusion of “Social” will not be equally easy in all the areas, as
the processes have long been aloof from people who use them. There are some
areas, which will see the advent of “Social” before others given their
This presentation will be aimed at answering the following questions:
EA & Business Transformation
Enterprises still have the need for controlling, but it will be increasingly necessary to further evolve the usual way of controlling, in order to adapt to the complexity and speed of change in current markets. Considering this, the majority of executives go to work every day and do not know what is going to happen, because interconnections and inter-dependencies are making the environment of the enterprises increasingly complex to manage.
The complexity needs to be solved. However, what elements should executives evaluate? How to know exactly where and what to change? We believe it is all about transforming the way of managing and running the enterprise operational model, by connecting the entire enterprise in a vision that goes beyond Strategic Planning, identifying points for innovation and competitive advantage.
Therefore, demonstrating and managing what we do, using capabilities, connected to what we decide, using TDM, based on why we do what we do and decide what we decide, using BMM, creates a solid path to organize the mind of the Business and respond faster to disruptive forces.
Architecting a Government Organization is different than a for-profit organization. It involves making the people/citizens benefit from these initiatives rather than making profit. In this 21st century, all the governments should look into making their organizations more digital, how they can use the latest and greatest technologies to server citizens’ better. While creating these digital services, governments should look into improving the efficiencies of the system and provide platforms that can incubate innovation which takes countries, states, cities to the future.
This presentation investigates and instigates different approaches of architecting a government organization for e-Governance, e-Content Management, e-Procurement etc given the parameters of environment, culture and appetite to transform their organization.
Future Airborne Capability Environment (FACE™)
A dynamic tutorial and panel discussion where you will learn:
Intended audience: Personnel in the defense industry or armed services, affiliated with US-based FACE member organizations.
Forum Members Only (Mon)
Networking Reception (Mon)
General Session - Enterprise Architecture (Tue)
The Open FAIR risk analysis methodology is being used by numerous large organizations in financial services, retail, healthcare, and other sectors to analyze and quantify cybersecurity risks and other operational risks.
In this one day training course, participants will learn:
• How to apply the Open FAIR risk taxonomy including the various components of risk
• The differences between qualitative and quantative risk analysis and where each is appropriate
• About measurement and calibration and how to develop confidence in risk measurements
• How to work with the available data and to pick the right abstraction levels to perform risk analysis
• About the Open FAIR certification program for Risk Analysts
Prerequisites: A general understanding of security and risk concepts.
Healthcare Interoperability - Industry Vertical
These topics will be addressed by renowned speakers and panel of experts who bring clinical, policy and enterprise architecture experience from both the public and private sectors.
Our keynote speakers, Dr. Jon White, Deputy National Coordinator for Health IT, and Dr. Doug Fridsma, President and CEO of American Medical Informatics Association (AMIA), will discuss the current state of interoperability and standards consensus with a special focus on the distinct roles played by the public and private sectors. The Open Group Healthcare Forum will share its vision for the safe and effective flow of information across boundaries in healthcare -- a vision supported by many private sector actors in a highly complex healthcare ecosystem.
Industry experts in healthcare will address a sequence of interrelated topics:
Open Platform 3.0™ / Cloud Computing
Cloud Service capabilities have introduced a need to look at Governance
Processes differently. Companies want the flexibility and speed associated
with Cloud Computing Services, but their need for data Security has only
increased in this new model. Cloud Computing now allows for shared resources
in ways not previously available. Social, mobile, analytics and cloud tools
have changed how organizations interact with customers - which require them
to react more quickly to changing customer needs and demands.
All of the above will drive a new approach to governance processes:
balancing the need for more security standards as well as support for faster,
more responsive updates - across multiple points of the shared resources in
The main goal of this presentation is to propose a new Governance model and
share customer examples of how to achieve an optimal balance between speed &
security in a Cloud Computing environment.
The key topics to be covered in this presentation:
EA Practice & Professional Development - Part 1
The Boeing TOGAF Method is a customization of the TOGAF Architecture Development Method for use by Boeing in the development of enterprise or segment level architectures.
Prior to TOGAF method, Boeing had processes and methods that its
practitioners were required to use in the development of strategy,
value-chain, enterprise architectures, and application systems. When Boeing
made the decision to go with the TOGAF standard, we needed to figure out how we can be
specific enough to consistently execute TOGAF activities while ensuring our
other frameworks, methods, and references are intact. We needed to integrate
our other processes for defining our strategies, value-chain analysis, our
various reference architectures, and our method for developing computing
systems with TOGAF activities. We also looked at each TOGAF activity and
defined additional details such as how we would execute them, the models that
are to be created, the tools that will be used, reference(s) that are
relevant, the resulting deliverable content, and how quality will be assessed
for each activity.
The resulting customization of the TOGAF standard is the Boeing TOGAF
Open Platform 3.0™/ Specific Technology Frameworks
Over the past 12 months, experimenting with devices - micro controllers, real time systems that connect to sensory inputs and motor outputs, MQTT plays a big role in connecting machines to machines over the new connectivity protocol. MQTT is a Client Server publish/subscribe messaging transport protocol. It is light weight, open, simple, and designed so as to be easy to implement. These characteristics make it ideal for use in many situations, including constrained environments such as for communication in Machine to Machine (M2M) and Internet of Things (IoT) contexts where a small code footprint is required and/or network bandwidth is at a premium. In running low powered devices over flimsy, unreliable networks - sending reliable notifications to devices running in mission critical medical industry or capital-intensive financial industry, the speaker shares his observations with the Ultra-Low Power devices (ULP), running as brokers to servers - their low level architecture, model and design; accommodating existing legacy enterprise information within MQTT framework, different patterns and anti-patterns.
This presentation shows a complete solution for architecting, designing and building an application using devices, sensors and servers in a connected world. It promises a seamless switch from legacy to newer systems as and when they become ready. The narrative comes in many parts with real world examples, scenarios and practices.
You need a framework to in order to develop a
mobile strategy. There are many questions that are to be answered prior to
rolling out your 1st app. "Who is going to use the app? Where are they going
to use it? What are they using it for?" are only a few. Answering these
questions (and more) along with aligning your strategy to your organizations
mission will make your mobile strategy a success.
Learn what a mobility
framework is, and why it is critical to your success.
EA Practice & Professional Development - Part 2
A continuation from the morning plenary session, the afternoon workshop will share and discuss in detail the "EA Beyond Models" research paper. The workshop is designed to
"deep dive" into each service and consider feedback from other EA
The goal of this workshop is to capture sufficient insight to
extend the current Disruptive Change with Minimum Disruptions toolkit and
deliver it to the Open Group Architecture Forum for formal review and
adaptation into the TOGAF eco-system as a Guide.
Review broadly defined three EA Services – Optimize, Transform, and Build/Sustain the EA practice. The facilitator will review each service in
detail, demonstrate alignment to the TOGAF standard and The Open Group Open CA program,
and showcase specific artifacts and deliverables as well as governance and
Forum Members Only (Tue)
Networking Dinner Event (Tue)
TOGAF® 9 Case Studies
The Agency for Public Management and eGovernment (DIFI)
is responsible for ID-Porten. ID-porten is a common log-in solution to public
services. See http://eid.difi.no/en/id-porten for more.
DIFI has a Project to integrate with an EU based solution: The European Interoperability Reference Architecture (EIRA) is an application of Enterprise Architecture with a focus on interoperability in the public sector. See architecture here:
This presentation explains how DIFI used the TOGAF, ArchiMate and Open FAIR standards to ensure privacy and security concerns in a business context.
While many organizations follow the TOGAF framework to successfully document their current
architecture, some struggle with effectively developing target architectures
and transition plans that become a driver for change.
This presentation will
look at different roadmapping techniques that have been successfully used to
help organizations implementing the TOGAF framework to proactively understand the future
landscape, what options might be available to them and how to go about moving
towards the desired state.
These techniques will be supported by practical
case studies of real-world organizations that have used them effectively to
ensure the health of their EA practices and maximize the benefit of EA to
EA & Capability Based Planning
This workshop will show you how the validation and implementation of your business strategy can be supported by a combination of strategy modeling, capability-based planning, and enterprise architecture and portfolio management.
Strategy modeling enables the formalization and focus of the business strategy towards goals. Furthermore, it enables traceable steps in entire trajectory of strategy execution.
Capability-based planning is centered on realizing strategic goals by focusing on what an organization can do, rather than how it can do this. With this, business leaders can plan organizational change based on business outcomes, rather than projects, processes and applications.
Creating and improving capabilities is supported by enterprise architecture as the backbone of organizational design. It provides a clear line-of-sight between strategic goals, operational services, processes, and systems, and the project and programs that realize these. This enables you to manage the various dependencies and risks involved in realizing your strategy, ensuring coherence across the enterprise.
Enterprise portfolio management supports prioritization and decision making on the requisite assets and change initiatives that realize the envisaged architecture and capabilities. Relating data from financial and other systems to your architecture and portfolios, provides a solid basis for analysis and decision making.
We will show how this entire trajectory of strategy execution is facilitated by an integrated solution for describing your strategy, capabilities, enterprise architecture, and portfolios.
We will illustrate this approach to strategy execution with two real-life case studies:
IT4IT™ - Managing Business of IT
The Open Group IT4IT™ Forum, launched in October 2014, is developing a new standard based on a reference model for "Managing the Business of IT" and consequently has many touchpoints with other standards including key Open Group standards. This session will position and seek a dialog on IT4IT’s evolution in relation to: TOGAF®, ArchiMate®, ITIL, COBIT, SAFe, CMMI, TOSCA, OSLC, vertical standards, agile movement
The discussion will include:
The session will be collaborative and open, promoting the exchange of ideas about comparative IT standards.
All organizations in today’s world need IT to
support the mission of the business and keep it operational. For the most
part, the things an organization needs to run the business of IT are
ubiquitous. The Open Group has established a new forum where an industry
standard is being developed for a common operating model for the business of
IT – IT4IT. The IT4IT operating model allows the IT function to achieve the
same level of business discipline, predictability and efficiency as other
functions in the business. The IT Value Chain of Plan-Build-Deliver-Run is
described further by the corresponding value streams of
Strategy-to-Portfolio, Requirement-to-Deploy, Request-to-Fulfill, and
Detect-to-Correct. These in turn are supported by the IT4IT Reference
Architecture – a service model, an information model, functional model, and
an integration model.
The speaker will provide an overview of IT4IT and
describe how it is being used to drive organization change in real-world
The power of modern virtualization makes it possible to directly investigate
architectural solutions inexpensively. With technologies such as Vagrant and
Docker, and the easy availability of high-quality open source solutions,
multi-node proofs of concept can be constructed as miniaturized virtual
See a walkthrough of a complete, end to end DevOps environment, built through
“infrastructure as code” techniques, running on a single laptop. The
Calavera project (available on GitHub) is based on Virtualbox with Vagrant
and Chef scripts which build a local 6-node VM cluster, including:
Building such a solution in years past would have required significant
investments for computing capacity, configuration effort, and commercial
software. Now, complex distributed systems can be realized in miniature
directly, reducing the friction for architectural investigations.
Hear also the motivations behind the project, intended as a microkernel for a
larger enterprise IT simulation and currently in use for instructional
purposes at the University of St. Thomas. Can such simulations better ground
architectural debates? Can we understand capability roadmaps more effectively
if they are grounded in concrete yet inexpensive proofs of concept? How far
can we scale up these approaches? Come and participate in an interesting,
Intended audience: Practicing architects, consultants, trainers
The Open Group IT4IT™Forum provides a vendor-neutral 'place' to meet, gain knowledge and lead the development of the IT4IT Reference Architecture for IT management portfolio. The mission of the IT4IT Forum is to create and drive the adoption of the IT4IT standard that will provide a vendor-neutral Reference Architecture for managing the business of IT, enabling insight for agile improvement with increased focus on business outcomes. The panel session will highlight the wide range of development opportunities that the IT4IT Forum offers IT staff.
Coffee (Wed morning)
In a knowledge-based economy, enterprise survival
depends on the ability to make sense of the flood of available knowledge,
information and data coming from both within and without the organization. A
coherent Enterprise Information Architecture is key to leverage, transform
and manage the increasingly disparate holdings so that all stakeholders can
make their decisions based on quality information.
The challenge is that in
most enterprises massively redundant and incoherent data sets are siloed in
hundreds of services / applications; sorting it out seems overwhelming to
most CIOs. This is further exacerbated by the fact there is little
commonality and mutual awareness of the terminology and techniques used by
the various professions dealing with knowledge, information or data.
presentation provides some common lexicon and highlights a unified model
that enables CIOs / CDOs to incrementally create an enterprise information
A key requirement in today’s enterprises is the organization of knowledge
in a manner that benefits all employees, irrespective of their geographic
location and the business unit they serve. In this case study, I will cover
how knowledge generated by various groups with an enterprise, flows across
various logical boundaries, without compromising the confidentiality of
information belonging to a specific business unit.
The solution framework was built to address the following principles:
1) Logical knowledge hives for various business units – Business units in
an organization generate knowledge that is specific and confidential to the
respective units. Access to the information should be controlled by
authorized administrators of the hive.
2) Libraries to hold policy documents – Organization has its policy
documents which should be accessible by all employees of the organization.
Libraries should be built as containers for such documents, and workflow
built to notify employees of any policy change.
3) Crowdsourcing Ideas – Provision for employees to give ideas for
improvement initiatives. Most impactful ideas should be picked for
implementation. Employee, who gives the idea, should be able to track the
progress made on implementation.
4) Library of reusable assets – Provision for employees to publish assets
that can be reused across groups in the organization. Publication of the
asset goes through a SME review workflow. Provision to rate and provide
feedback on asset should be provided.
5) Governance – All the logical groups created within the solution
framework, should have administrators who control access, amount of storage
space allocated, archiving policy for the group.
From this case study, the audience should be able to take away the key
attributes and the governance principles to be kept in mind when designing
Knowledge Management System for seamless integration across different groups
in an organization.
The TOGAF® 9 Standard
This panel discussion addresses how the TOGAF standard will evolve in the future. Each panelist will be given the opportunity to make a short statement about their views on how the TOGAF standard will evolve. The remainder of the session will address questions from attendees.
Potential topics for discussion could include:
Architecture Methods and Techniques
Consumers expect mobile applications, wearables and
smart devices to work all the time. Enterprise and solution architects must
therefore build always-on services from legacy applications with varied
availability, performance and scalability characteristics. To bridge this
gap, architects are using Backends-as-a-Service (BaaS) and Enterprise Service
Buses (ESBs) with cloud-based and on-premises components.
Architects can use
the ArchiMate visual modeling language to express this emerging approach and
guide development of always-on services and the applications that use them.
This presentation introduces Cambia's always-on services architecture, and
its use of the ArchiMate language to develop and communicate it.
In a world where customers demand capabilities faster. In a world where you have to plan and execute simultaneously or be left in the dust. In a world where communications matter more and miscommunication can destroy. You need to understand how what you do impacts and is impacted by changes to both technology and business.
With agile and lean concepts, some architecture organizations find it
difficult to stay relevant, often viewed as a hindrance to rapid development
with myriad processes and standards. Development teams took it upon
themselves to find creative ways to circumnavigate controls created to
minimize risk to the organization. But today’s world of increasing demand
for rapid delivery, expanding costs, and higher stakes requires key elements makes architecture even more important.
In this session, participants will learn how we’ve adapted architecture to not only support Agile & DevOps, but how we’re at the table with teams to deliver business value collaboratively from small projects to
Participants will learn:
Open Sessions (Wed)
Forum Members Only (Wed)
Forum Members Only (Thu)