Jim Hietala, CISSP, GSEC, is Research Director and a principal of Compliance Research Group, providing research, analysis, and consulting services in the areas of compliance, risk management, and IT security. He is also the Vice President, Security for The Open Group, where he manages all security and risk management programs and standards activities.
Jim has provided research and consulting services to organizations such as SANS, The Open Group, and a number of IT security and compliance vendors. He is a frequent speaker at industry conferences, and he recently authored a comprehensive course on IT risk management. He participates in the SANS Analyst/Expert program, having written several research whitepapers and participated in several webcasts for SANS. He has also published numerous articles on information security, risk management, and compliance topics in publications including The ISSA Journal, Bank Accounting & Finance, Risk Factor, SC Magazine, and others.
An industry veteran, he has held leadership roles at ControlPath, Avail Networks, Alternative Technologies, eSoft, Qwest, Concentric Network, and Digital Pathways. He developed and launched the industry's first remote access VPN service (Concentric RemoteLink) and encrypting ISDN router (at Network Express), and launched a compliance and risk management software start-up in the IT-GRC market.
He holds a B.S. in Marketing from Southern Illinois University.
Blog: www.compliancefocus.com
Twitter: http://twitter.com/jim_hietala
LinkedIn: http://www.linkedin.com/in/jimhietala
Blogging focus: Compliance, Risk Management, IT Security, IT-GRC software, HIPAA, GLBA, Privacy
Jim can be reached at: jim@compliancefocus.com
New bill introduced in the Senate, "Fostering a Global Response to Cyber Attacks Act", available here. Maybe I have a strange sense of humor, but I find this amusing. It is a nothing little piece of pro...
David Rice has a must read blog post here, on leadership of security and compliance. It includes this insightful observation: "In other words, compliance is blind to value and insensitive to risk." H...
Here’s an industry with no regulation, no oversight, no one looking over their shoulders. And they collect A LOT of data about individuals, and they have a lousy record of securing this info...
Work took me to both the RSA show and the InfoSec show this year (whose brilliant idea was it to schedule those two shows back-to-back, anyways?). Wandering around both shows a little, and talking to ...
The big buzz seemed to me to be around two things: 1) The high profile infrastructure and defense industrial base breaches, and the big changes that will inevitably result with more government i...
Bob Blakley has a great blog post up here on the effect that privacy breach insurance may have on privacy. He describes how the concept of moral hazard applies to this area, with the unintended conseq...
A new cyber crime study about targeted and politically inspired attacks on countries was reported on in the NY Times today here. My first reaction was to just sort of shrug...this sort of attack has...
Rich Mogull pretty well nails the problem with respect to some of the recent breaches in the retail area. I couldn't have said it better. In a previous life with an IT-GRC vendor, we played around wit...
The obvious answer is it depends. It might be $1,500 if it’s a nice new laptop with no data on it. News last week on the VA security breach from a couple of years ago sets a new upper bound ...
Article that I co-wrote with Mark Willoughby, on compliance and cloud computing, part of a series of five articles, published on The Compliance Authority here (registration required).
Jim