Jim Hietala, GSEC, GCFW and CISSP, is the principal of Compliance Research Group, providing research, analysis, and consulting services in the areas of compliance, risk management, and IT security. Jim has provided consulting services to organizations such as SANS, The Open Group Security Forum, Logical Security, and a number of IT security and compliance vendors. He is a frequent speaker at industry conferences, and he recently authored a comprehensive course on IT risk management. He participates in the SANS Analyst/Expert program, having written several whitepapers and participated in several webcasts for SANS. He has also published numerous articles on information security, risk management, and compliance topics in publications including The ISSA Journal, Bank Accounting & Finance, Risk Factor, and others. He holds a B.S. in Marketing from Southern Illinois University.
Editorial focus: Compliance, Risk Management, IT Security, IT-GRC software, HIPAA, GLBA, Privacy
Jim can be reached at: jim@compliancefocus.com
Nevada is set to start enforcing compliance with a law governing how businesses operating in the state can transmit personally identifiable information (PII). The law (see article here, or see the act...
Following the lead of Minnesota, the California legislature recently passed legislation (AB 1656) that requires retailers to implement data protection controls if they retain customer’...
I am reading Geekonomics at present, and while there are many reasons to praise the book, one of the key takeaways for me has been something that I haven't thought about previously. Namely, that the d...
The Joint Commission, which is a non-profit organization that publishes standards for healthcare organizations and runs an accreditation program, is updating some of their standards for 2009, includi...
The story about China hacking into politicians' systems has been in the news today (Network World coverage). Maybe it's actually a good thing in the long run, because this kind of activity has the...
Martin McKeay recently posted a blog entry on behalf of Eric Irvin that describes Google's personal health record services, and their posture relative to HIPAA requirements. The short version of the s...
Great, a food fight erupts on one of my favorite topics, and I’m the last guy to reach for the mashed potatoes. Rich Mogul decides that GRC is dead, and Alan Shimel points out some IT security r...
Doing what I do in my day job, I sit through a lot of presentations on various aspects of security. I had the pleasure of sitting through a couple of presentations this week (one by a leadi...
I was out on vacation (and then at RSA) when much of the interesting detail about the Hannaford breach emerged. Security professionals and probably the general public are growing a little desensitized...
A recent consulting assignment had me creating a comprehensive, 300 slide course on IT risk management. It was an interesting exercise, and gave me the chance to learn a lot about risk management. I...