Jim Hietala

Jim Hietala, GSEC, GCFW and CISSP, is the principal of Compliance Research Group, providing research, analysis, and consulting services in the areas of compliance, risk management, and IT security. Jim has provided consulting services to organizations such as SANS, The Open Group Security Forum, Logical Security, and a number of IT security and compliance vendors. He is a frequent speaker at industry conferences, and he recently authored a comprehensive course on IT risk management. He participates in the SANS Analyst/Expert program, having written several whitepapers and participated in several webcasts for SANS. He has also published numerous articles on information security, risk management, and compliance topics in publications including The ISSA Journal, Bank Accounting & Finance, Risk Factor, and others. He holds a B.S. in Marketing from Southern Illinois University.

Editorial focus: Compliance, Risk Management, IT Security, IT-GRC software, HIPAA, GLBA, Privacy

Jim can be reached at: jim@compliancefocus.com

Published on 02/20/2008

New developments in NERC/FERC compliance, control system security

A blog by Digital Bond tracks developments in NERC/FERC, and generally in the area of control system security. A recent entry by Jason Holcomb points to a DOE project called Bandolier that looks like it will deliver significant leverage to those tasked with compliance in the energy/utility industry. Essentially, the project will deliver templates for hardended system configurations that can be *automatically* checked and reported on by Nessus. This is a great development, and the project is worth paying attention to, as it will allow some of the compliance data to be pulled automatically out of Nessus.

And by the way, the Digital Bond website is a great resource for information on SCADA, control system security, and NERC/FERC compliance.