Jim Hietala, CISSP, GSEC, is Research Director and a principal of Compliance Research Group, providing research, analysis, and consulting services in the areas of compliance, risk management, and IT security. He is also the Vice President, Security for The Open Group, where he manages all security and risk management programs and standards activities.
Jim has provided research and consulting services to organizations such as SANS, The Open Group, and a number of IT security and compliance vendors. He is a frequent speaker at industry conferences, and he recently authored a comprehensive course on IT risk management. He participates in the SANS Analyst/Expert program, having written several research whitepapers and participated in several webcasts for SANS. He has also published numerous articles on information security, risk management, and compliance topics in publications including The ISSA Journal, Bank Accounting & Finance, Risk Factor, SC Magazine, and others.
An industry veteran, he has held leadership roles at ControlPath, Avail Networks, Alternative Technologies, eSoft, Qwest, Concentric Network, and Digital Pathways. He developed and launched the industry’s first remote access VPN service (Concentric RemoteLink) and encrypting ISDN router (at Network Express), and launched a compliance and risk management software start-up in the IT-GRC market.
He holds a B.S. in Marketing from Southern Illinois University.
Blog: www.compliancefocus.com
Twitter: http://twitter.com/jim_hietala
LinkedIn: http://www.linkedin.com/in/jimhietala
Blogging focus: Compliance, Risk Management, IT Security, IT-GRC software, HIPAA, GLBA, Privacy
Jim can be reached at: jim@compliancefocus.com
Article that I co-wrote with Mark Willoughby, on compliance and cloud computing, part of a series of five articles, published on The Compliance Authority here (registration required). Jim
I noticed on Rebecca Herold's blog (who provides excellent coverage of privacy/security issues) that today is international data privacy day. I tend to be a little bit of a cynic when it comes to thin...
Wow! Another retail/credit card breach, potentially 100 million credit cards at risk, as reported here:
Heartland Payment Systems, a credit card processor, announced today, January 20th, that up...
The Open Group Security Forum has recently published two documents in the risk management area that are worth taking note of. The first is a Risk Taxonomy Standard. This standard fills a gap among the...
A shameless little self-promotion, The Open Group is putting on a security-focused conference in San Diego, 2/4-2/5. The big topic is "Security of Cloud Services", and a first-rate slate of speakers f...
An interesting study on the financial impact to financial institutions of the TJX and Hannaford breaches is here. It was conducted by the Maine Bureau of Financial Institutions, and looks only at the ...
I finally got around to installing and using NoScript recently. First let me say that I appreciate the functionality it provides, and the attacks that it prevents. Now that I got that out of...
An interesting article is here, that describes the impact of data breach laws. The article rightly credits the California data breach law with starting the ball rolling on requiring compani...
Not much of a contest actually, as CMS hasn’t officially moved the HIPAA bar at all. Maybe the HITRUST alliance will have an impact in healthcare, but probably not, unless they have so...
I have been doing some research in preparation for an upcoming conference that I am helping to organize (The Open Group Security Practitioners Conference), where cloud computing security...