General Session - Monday
Protecting your Business and Operations by Improving the Security and Dependability of your IT, including the Global Supply Chains on which they rely. The current cybersecurity environment presents enormous challenges.
Large-scale security breaches in the retail, financial, utilities and health care sectors are far too commonplace. Challenges in cybersecurity point to fundamental issues in risk management, information security, supply chain security, protection of critical infrastructure, product dependability and assuredness in our IT systems.
As cyber incidents occur with greater frequency across all sectors each day, adding unpredictable costs and distracting organizations, business leaders are looking for more predictable methods of managing risks and costs. By moving to an insurance-based model, organizations can formalize their acceptance of risk and "plan" for significant incidents by buying insurance.
Key takeaways:
Risk, Dependability & Trusted Technology - Part 1
Vulnerability management used to be easy, but in the face of ever-more complex environments and ever-more aggressive attackers, vulnerability management has evolved dramatically over the years. Join Jack Daniel for this tool-neutral look at the evolution of vulnerability management, from early scanning, to modern management and continuous network monitoring.
Early vulnerability management happened at a leisurely pace, if at all. Advances in vulnerability management came slowly for many years, but the pace of improvement has increased dramatically, leaving many organizations behind the current state of best practices. Challenges to improvement and methods for solving the challenges will be included in this conversation.
In this presentation the latest techniques and technologies for scanning, continuously monitoring, assessing and securing your computer systems and networks will be presented. The latest enhancements in scanning and monitoring provide more information than ever before; this requires more robust, intelligent and scalable data aggregation, analysis and management systems.
Simply gathering vast amounts of information is not enough; actionable information needs to be readily accessible and easily discovered, and actions need to be automated.
Information and Data Architecture
Today's data management and analytic principles, practices and capabilities strip away the fidelity of the data that provides the meaning and context that makes data valuable and usable. Without a composable data layer, you cannot get value from digital ecosystems and the Internet of Things. Big data lakes and analytics only get you so far. Smart data and semantics, cognitive agents, and intelligent orchestration are key.
This session will help data professionals:
Open Platform 3.0™ / The Business Context
Coffee (Mon afternoon)
Risk, Dependability & Trusted Technology - Part 2
With the increased global market growth for technological goods and components, and with everything from hardware and software to firmware relying on these products, cyber supply chain security has become much more important for minimizing the exploitation of vulnerabilities. The modern supply chain is a complex, global third-party network of suppliers, distributors, business partners, service providers, and customers that share business processes, develop technology, and distribute products used in creating, sharing, and distributing information.
Given this complexity, there is no such thing as impenetrable security. Vulnerabilities are introduced, intentionally or unintentionally, at any node in the global network, and can produce exploits used to gain unauthorized access to data, alter data, or interrupt enterprise communications. 76% of all data breaches result from a third-party which introduced the security deficiencies that were ultimately exploited. (Trustwave 2012, Global Security Report)
Companies are extremely concerned about the reputations of the vendors with whom they partner. Reputational risk must be placed above cost when assessing a potential third-party supplier or service provider. The cost of new security controls must be justified by careful analysis of the risk profile (e.g., vulnerabilities, threats, and consequences) of a given component, the criticality of the target system, and the cost of the controls vs. the potential cost of omitting the controls. It is incumbent upon both the supply and demand sides of the supply chain to share the risk mitigation responsibilities.
Attendees will learn the following:
The explosion in IT is only possible because of global supply chains enabling global access to talent, innovative software and IT components from around the world. In attempting to assure security, multiple governments seek to impose complex, costly and duplicative, or worse, conflicting requirements on global suppliers. How do we get to "more secure" while not regulating the golden supply chain goose to an early grave?
This panel of subject matter experts will:
Open Platform 3.0™/ Specific Technology Approaches
Cloud Service capabilities have introduced a need to look at Governance Processes differently. Companies want the flexibility and speed associated with Cloud Computing services, but their need for data security has only increased in this new model. Cloud Computing now allows for shared resources in ways not previously available. Social, mobile, analytics and cloud tools have changed how organizations interact with customers, which requires them to react more quickly to changing customer needs and demands.
All of the above will drive a new approach to how governance processes are being applied: balancing the need for more security standards as well as support for faster, more responsive updates - across multiple points of the shared resources in the business.
Business process transformation is and will be a constant change in the digital journey of organizations. One of the most important aspects of a winning enterprise strategy for digital workplaces will be the “Social” Strategy.
As organizations are moving forward in their initiatives to integrate systems of records and systems of engagement, they are realizing that along with IT expertise, they also need to include the voice of stakeholders, end users and employees in their digital transformation journey. This will help the real stakeholders become true partners in the overall organizational transformation to achieve business goals.
The inclusion of “Social” will not be equally easy in all the areas, as the processes have long been aloof from people who use them. There are some areas, which will see the advent of “Social” before others given their existing people-centricity.
This presentation will be aimed at answering the following questions:
EA & Business Transformation
Enterprises still have the need for controlling, but it will be increasingly necessary to further evolve the usual way of controlling, in order to adapt to the complexity and speed of change in current markets. Considering this, the majority of executives go to work every day and do not know what is going to happen, because interconnections and inter-dependencies are making the environment of the enterprises increasingly complex to manage.
The complexity needs to be solved. However, what elements should executives evaluate? How to know exactly where and what to change? We believe it is all about transforming the way of managing and running the enterprise operational model, by connecting the entire enterprise in a vision that goes beyond Strategic Planning, identifying points for innovation and competitive advantage.
Therefore, demonstrating and managing what we do, using capabilities, connected to what we decide, using TDM, based on why we do what we do and decide what we decide, using BMM, creates a solid path to organize the mind of the Business and respond faster to disruptive forces.
Architecting a government organization is different from architecting a for-profit organization. It involves making the people/citizens benefit from these initiatives rather than making a profit. In the 21st century, all governments should look into making their organizations more digital and into how they can use the latest and greatest technologies to serve citizens better. While creating these digital services, governments should look into improving the efficiencies of the system and providing platforms that can incubate innovation which takes countries, states, and cities to the future.
This presentation investigates and instigates different approaches to architecting a government organization for e-Governance, e-Content Management, e-Procurement, etc., given the parameters of environment, culture and appetite to transform their organization.
Future Airborne Capability Environment (FACE™)
A dynamic tutorial and panel discussion where you will learn:
Intended audience: Personnel in the defense industry or armed services, affiliated with US-based FACE member organizations.
Forum Members Only (Mon)
Networking Reception (Mon)
General Session
Open FAIR™
The Open FAIR risk analysis methodology is being used by numerous large organizations in financial services, retail, healthcare, and other sectors to analyze and quantify cybersecurity risks and other operational risks. In this one-day training course, participants will learn:
• How to apply the Open FAIR risk taxonomy including the various components of risk
• The differences between qualitative and quantitative risk analysis and where each is appropriate
• About measurement and calibration and how to develop confidence in risk measurements
• How to work with the available data and to pick the right abstraction levels to perform risk analysis
• About the Open FAIR certification program for Risk Analysts
Prerequisites: A general understanding of security and risk concepts.
Healthcare Interoperability - Industry Vertical
These topics will be addressed by renowned speakers and a panel of experts who bring clinical, policy and enterprise architecture experience from both the public and private sectors. Our keynote speakers, Dr. Jon White, Deputy National Coordinator for Health IT, and Dr. Doug Fridsma, President and CEO of American Medical Informatics Association (AMIA), will discuss the current state of interoperability and standards consensus with a special focus on the distinct roles played by the public and private sectors. The Open Group Healthcare Forum will share its vision for the safe and effective flow of information across boundaries in healthcare -- a vision supported by many private sector actors in a highly complex healthcare ecosystem. Industry experts in healthcare will address a sequence of interrelated topics:
Open Platform 3.0™ / Cloud Computing
Cloud Service capabilities have introduced a need to look at Governance Processes differently. Companies want the flexibility and speed associated with Cloud Computing services, but their need for data security has only increased in this new model. Cloud Computing now allows for shared resources in ways not previously available. Social, mobile, analytics and cloud tools have changed how organizations interact with customers, which requires them to react more quickly to changing customer needs and demands.
All of the above will drive a new approach to governance processes: balancing the need for more security standards as well as support for faster, more responsive updates - across multiple points of the shared resources in the business.
The main goal of this presentation is to propose a new Governance model and share customer examples of how to achieve an optimal balance between speed & security in a Cloud Computing environment.
The key topics to be covered in this presentation:
EA Practice & Professional Development - Part 1
The Boeing TOGAF Method is a customization of the TOGAF Architecture Development Method for use by Boeing in the development of enterprise or segment level architectures.
Prior to the TOGAF method, Boeing had processes and methods that its practitioners were required to use in the development of strategy, value-chain, enterprise architectures, and application systems. When Boeing made the decision to go with the TOGAF standard, we needed to figure out how we could be specific enough to consistently execute TOGAF activities while ensuring our other frameworks, methods, and references are intact. We needed to integrate our other processes for defining our strategies, value-chain analysis, our various reference architectures, and our method for developing computing systems with TOGAF activities. We also looked at each TOGAF activity and defined additional details such as how we would execute them, the models that are to be created, the tools that will be used, reference(s) that are relevant, the resulting deliverable content, and how quality will be assessed for each activity.
The resulting customization of the TOGAF standard is the Boeing TOGAF Method (BTM).
Coffee (Tue morning)
Open Platform 3.0™/ Specific Technology Frameworks
Over the past 12 months of experimenting with devices (microcontrollers and real-time systems that connect to sensory inputs and motor outputs), MQTT has played a big role in connecting machines to machines over the new connectivity protocol. MQTT is a client-server publish/subscribe messaging transport protocol. It is lightweight, open, simple, and designed to be easy to implement. These characteristics make it ideal for use in many situations, including constrained environments such as communication in Machine to Machine (M2M) and Internet of Things (IoT) contexts where a small code footprint is required and/or network bandwidth is at a premium. Drawing on running low-powered devices over flimsy, unreliable networks and sending reliable notifications to devices running in the mission-critical medical industry or the capital-intensive financial industry, the speaker shares his observations on Ultra-Low Power (ULP) devices running as brokers to servers: their low-level architecture, model and design; accommodating existing legacy enterprise information within the MQTT framework; and different patterns and anti-patterns.
This presentation shows a complete solution for architecting, designing and building an application using devices, sensors and servers in a connected world. It promises a seamless switch from legacy to newer systems as and when they become ready. The narrative comes in many parts with real world examples, scenarios and practices.
You need a framework in order to develop a mobile strategy. There are many questions to be answered prior to rolling out your first app. "Who is going to use the app? Where are they going to use it? What are they using it for?" are only a few. Answering these questions (and more), along with aligning your strategy to your organization's mission, will make your mobile strategy a success.
Learn what a mobility framework is, and why it is critical to your success.
EA Practice & Professional Development - Part 2
A continuation from the morning plenary session, the afternoon workshop will share and discuss in detail the "EA Beyond Models" research paper. The workshop is designed to "deep dive" into each service and consider feedback from other EA practitioners.
The goal of this workshop is to capture sufficient insight to extend the current Disruptive Change with Minimum Disruptions toolkit and deliver it to the Open Group Architecture Forum for formal review and adaptation into the TOGAF eco-system as a Guide.
Specific activities: Review broadly defined three EA Services – Optimize, Transform, and Build/Sustain the EA practice. The facilitator will review each service in detail, demonstrate alignment to the TOGAF standard and The Open Group Open CA program, and showcase specific artifacts and deliverables as well as governance and decision rights.
Forum Members Only (Tue)
Networking Dinner Event (Tue)
TOGAF® 9 Case Studies
The Agency for Public Management and eGovernment (DIFI) is responsible for ID-Porten. ID-Porten is a common log-in solution to public services. See http://eid.difi.no/en/id-porten for more.
DIFI has a project to integrate with an EU-based solution: The European Interoperability Reference Architecture (EIRA) is an application of Enterprise Architecture with a focus on interoperability in the public sector. See the architecture here: https://joinup.ec.europa.eu/site/eia/EIRA/EIRA_beta_dev/HTML/model.html.
This presentation explains how DIFI used the TOGAF, ArchiMate and Open FAIR standards to address privacy and security concerns in a business context.
While many organizations follow the TOGAF framework to successfully document their current architecture, some struggle with effectively developing target architectures and transition plans that become a driver for change.
This presentation will look at different roadmapping techniques that have been successfully used to help organizations implementing the TOGAF framework to proactively understand the future landscape, what options might be available to them and how to go about moving towards the desired state.
These techniques will be supported by practical case studies of real-world organizations that have used them effectively to ensure the health of their EA practices and maximize the benefit of EA to their stakeholders.
EA & Capability Based Planning
This workshop will show you how the validation and implementation of your business strategy can be supported by a combination of strategy modeling, capability-based planning, and enterprise architecture and portfolio management.
Strategy modeling enables the formalization and focus of the business strategy towards goals. Furthermore, it enables traceable steps in the entire trajectory of strategy execution.
Capability-based planning is centered on realizing strategic goals by focusing on what an organization can do, rather than how it can do this. With this, business leaders can plan organizational change based on business outcomes, rather than projects, processes and applications.
Creating and improving capabilities is supported by enterprise architecture as the backbone of organizational design. It provides a clear line-of-sight between strategic goals, operational services, processes, and systems, and the projects and programs that realize these. This enables you to manage the various dependencies and risks involved in realizing your strategy, ensuring coherence across the enterprise.
Enterprise portfolio management supports prioritization and decision making on the requisite assets and change initiatives that realize the envisaged architecture and capabilities. Relating data from financial and other systems to your architecture and portfolios provides a solid basis for analysis and decision making.
We will show how this entire trajectory of strategy execution is facilitated by an integrated solution for describing your strategy, capabilities, enterprise architecture, and portfolios.
We will illustrate this approach to strategy execution with two real-life case studies:
IT4IT™ - Managing Business of IT
The Open Group IT4IT™ Forum, launched in October 2014, is developing a new standard based on a reference model for "Managing the Business of IT" and consequently has many touchpoints with other standards including key Open Group standards. This session will position and seek a dialog on IT4IT’s evolution in relation to: TOGAF®, ArchiMate®, ITIL, COBIT, SAFe, CMMI, TOSCA, OSLC, vertical standards, agile movement
The discussion will include:
The session will be collaborative and open, promoting the exchange of ideas about comparative IT standards.
All organizations in today’s world need IT to support the mission of the business and keep it operational. For the most part, the things an organization needs to run the business of IT are ubiquitous. The Open Group has established a new forum where an industry standard is being developed for a common operating model for the business of IT – IT4IT. The IT4IT operating model allows the IT function to achieve the same level of business discipline, predictability and efficiency as other functions in the business. The IT Value Chain of Plan-Build-Deliver-Run is described further by the corresponding value streams of Strategy-to-Portfolio, Requirement-to-Deploy, Request-to-Fulfill, and Detect-to-Correct. These in turn are supported by the IT4IT Reference Architecture – a service model, an information model, functional model, and an integration model.
The speaker will provide an overview of IT4IT and describe how it is being used to drive organization change in real-world implementations.
The power of modern virtualization makes it possible to directly investigate architectural solutions inexpensively. With technologies such as Vagrant and Docker, and the easy availability of high-quality open source solutions, multi-node proofs of concept can be constructed as miniaturized virtual systems.
See a walkthrough of a complete, end to end DevOps environment, built through “infrastructure as code” techniques, running on a single laptop. The Calavera project (available on GitHub) is based on Virtualbox with Vagrant and Chef scripts which build a local 6-node VM cluster, including:
Building such a solution in years past would have required significant investments for computing capacity, configuration effort, and commercial software. Now, complex distributed systems can be realized in miniature directly, reducing the friction for architectural investigations.
Hear also the motivations behind the project, intended as a microkernel for a larger enterprise IT simulation and currently in use for instructional purposes at the University of St. Thomas. Can such simulations better ground architectural debates? Can we understand capability roadmaps more effectively if they are grounded in concrete yet inexpensive proofs of concept? How far can we scale up these approaches? Come and participate in an interesting, innovative discussion. Intended audience: Practicing architects, consultants, trainers
The Open Group IT4IT™ Forum provides a vendor-neutral 'place' to meet, gain knowledge and lead the development of the IT4IT Reference Architecture for IT management portfolio. The mission of the IT4IT Forum is to create and drive the adoption of the IT4IT standard that will provide a vendor-neutral Reference Architecture for managing the business of IT, enabling insight for agile improvement with increased focus on business outcomes. The panel session will highlight the wide range of development opportunities that the IT4IT Forum offers IT staff.
Coffee (Wed morning)
Knowledge Architecture
In a knowledge-based economy, enterprise survival depends on the ability to make sense of the flood of available knowledge, information and data coming from both within and without the organization. A coherent Enterprise Information Architecture is key to leverage, transform and manage the increasingly disparate holdings so that all stakeholders can make their decisions based on quality information.
The challenge is that in most enterprises massively redundant and incoherent data sets are siloed in hundreds of services / applications; sorting it out seems overwhelming to most CIOs. This is further exacerbated by the fact there is little commonality and mutual awareness of the terminology and techniques used by the various professions dealing with knowledge, information or data.
The presentation provides some common lexicon and highlights a unified model that enables CIOs / CDOs to incrementally create an enterprise information architecture.
A key requirement in today’s enterprises is the organization of knowledge in a manner that benefits all employees, irrespective of their geographic location and the business unit they serve. In this case study, I will cover how knowledge generated by various groups within an enterprise flows across various logical boundaries without compromising the confidentiality of information belonging to a specific business unit.
The solution framework was built to address the following principles:
1) Logical knowledge hives for various business units – Business units in an organization generate knowledge that is specific and confidential to the respective units. Access to the information should be controlled by authorized administrators of the hive.
2) Libraries to hold policy documents – The organization has its policy documents, which should be accessible by all employees of the organization. Libraries should be built as containers for such documents, and a workflow built to notify employees of any policy change.
3) Crowdsourcing Ideas – Provision for employees to give ideas for improvement initiatives. The most impactful ideas should be picked for implementation. The employee who gives the idea should be able to track the progress made on implementation.
4) Library of reusable assets – Provision for employees to publish assets that can be reused across groups in the organization. Publication of the asset goes through an SME review workflow. Provision to rate and provide feedback on an asset should be provided.
5) Governance – All the logical groups created within the solution framework should have administrators who control access, the amount of storage space allocated, and the archiving policy for the group.
From this case study, the audience should be able to take away the key attributes and the governance principles to be kept in mind when designing a Knowledge Management System for seamless integration across different groups in an organization.
TOGAF® 9 Standard
This panel discussion addresses how the TOGAF standard will evolve in the future. Each panelist will be given the opportunity to make a short statement about their views on how the TOGAF standard will evolve. The remainder of the session will address questions from attendees.
Potential topics for discussion could include:
Lunch (Wed)
Architecture Methods and Techniques
Consumers expect mobile applications, wearables and smart devices to work all the time. Enterprise and solution architects must therefore build always-on services from legacy applications with varied availability, performance and scalability characteristics. To bridge this gap, architects are using Backends-as-a-Service (BaaS) and Enterprise Service Buses (ESBs) with cloud-based and on-premises components.
Architects can use the ArchiMate visual modeling language to express this emerging approach and guide development of always-on services and the applications that use them. This presentation introduces Cambia's always-on services architecture, and its use of the ArchiMate language to develop and communicate it.
In a world where customers demand capabilities faster. In a world where you have to plan and execute simultaneously or be left in the dust. In a world where communications matter more and miscommunication can destroy. You need to understand how what you do impacts and is impacted by changes to both technology and business.
With agile and lean concepts, some architecture organizations find it difficult to stay relevant, often viewed as a hindrance to rapid development with myriad processes and standards. Development teams took it upon themselves to find creative ways to circumnavigate controls created to minimize risk to the organization. But today’s world of increasing demand for rapid delivery, expanding costs, and higher stakes requires key elements that make architecture even more important.
In this session, participants will learn how we’ve adapted architecture to not only support Agile & DevOps, but how we’re at the table with teams to deliver business value collaboratively from small projects to enterprise-scale programs.
Participants will learn:
Open Sessions (Wed)
Forum Members Only (Wed)
Forum Members Only (Thu)