Why have OSA?

Simplify security requirements, leverage best practice patterns, and benefit from community expertise.

OSA is of value to you for 4 reasons:

  1. A single, consistent, clearly defined control catalog provides an excellent means to simplify requirements from numerous standards, governance frameworks, legislation and regulations.
  2. Patterns are a great way to show the best practice set of controls that should be specified for a given situation.
  3. Many eyes make for better security - the OSA community helps create high-quality material through the experience of the group.
  4. Applying OSA patterns in your work gives you a fast start, improves the quality of the solution you deploy, and reduces overall effort.

Longer term strategic considerations

OSA can provide significant benefits in the longer term due to the nexus of a number of trends playing out in the IT industry:

1) Service-Based IT Environment: The IT world is changing to an environment where services will be provided and consumed in complex webs. Companies prefer to buy IT services rather than implement, build and operate them. Software as a Service is becoming a viable model given ubiquitous access to high bandwidth connections.

2) Security Assurance Importance: Assuring the appropriate security of IT services becomes ever more important as we place more reliance on them for critical tasks. The confidentiality, availability and integrity of a chain of components are only as good as the weakest link.

3) GRC Complexity: IT consumers need to assure that an IT service will meet the Governance, Risk and Compliance (GRC) requirements for the business process being supported. GRC requirements are often hard to articulate and can be specified by multiple, inconsistent, and often overlapping standards (ISO27001, COBIT, COSO, ITIL, etc.).

By mapping regulations and legislation against a standard controls catalog we can reduce duplication, increase clarity and improve the ability to implement within specific systems.

Benefits

OSA can provide benefits to IT service consumers, IT service suppliers and IT vendors, giving the entire IT community an interest in using and improving it.

  • IT service consumers can better specify or assess services they purchase, reduce knowledge risks, improve conformance with GRC requirements and reduce audit costs.
  • IT service suppliers can provide conformant solutions at the least cost to the largest market.
  • IT vendors are able to build systems with relevant and appropriate controls.

But why Open?

We believe an open approach is best because we do not think any one party can represent the interests of all parties who will participate in these complex webs of services. An open approach means that the patterns and catalogues will benefit the whole community and can be more quickly improved and refined by the common experience of participants.

In the same way that the Internet uses design standards for communication protocols and applications, we feel that the time has come to apply these same concepts at the architecture level.