Jim Hietala, CISSP, GSEC, is Research Director and a principal of Compliance Research Group, providing research, analysis, and consulting services in the areas of compliance, risk management, and IT security. He is also the Vice President, Security for The Open Group, where he manages all security and risk management programs and standards activities.

Jim has provided research and consulting services to organizations such as SANS, The Open Group, and a number of IT security and compliance vendors. He is a frequent speaker at industry conferences, and he recently authored a comprehensive course on IT risk management. He participates in the SANS Analyst/Expert program, having written several research whitepapers and participated in several webcasts for SANS. He has also published numerous articles on information security, risk management, and compliance topics in publications including The ISSA Journal, Bank Accounting & Finance, Risk Factor, SC Magazine, and others.

An industry veteran, he has held leadership roles at ControlPath, Avail Networks, Alternative Technologies, eSoft, Qwest, Concentric Network, and Digital Pathways. He developed and launched the industry’s first remote access VPN service (Concentric RemoteLink) and encrypting ISDN router (at Network Express), and launched a compliance and risk management software start-up in the IT-GRC market.

He holds a B.S. in Marketing from Southern Illinois University.
Blog: www.compliancefocus.com
Twitter: http://twitter.com/jim_hietala
LinkedIn: http://www.linkedin.com/in/jimhietala
Blogging focus: Compliance, Risk Management, IT Security, IT-GRC software, HIPAA, GLBA, Privacy
Jim can be reached at: jim@compliancefocus.com
I guess this is what happens when you are the home state of TJX and BJ's Wholesale. Massachusetts has passed a regulation that adds *significant* prescribed security controls in support of their data ...
I missed this a few months ago when it first appeared, but today ran across an article from September in Computerworld that described the penalties levied by DHHS against Providence Health in Seattl...
Nevada is set to start enforcing compliance with a law governing how businesses operating in the state can transmit personally identifiable information (PII). The law (see article here, or see the act...
Following the lead of Minnesota, the California legislature recently passed legislation (AB 1656) that requires retailers to implement data protection controls if they retain customer’...
I am reading Geekonomics at present, and while there are many reasons to praise the book, one of the key takeaways for me has been something that I haven't thought about previously. Namely, that the d...
The Joint Commission, which is a non-profit organization that publishes standards for healthcare organizations and runs an accreditation program, is updating some of their standards for 2009, includi...
The story about China hacking into politicians' systems has been in the news today (Network World coverage). Maybe it's actually a good thing in the long run, because this kind of activity has the...
Martin McKeay recently posted a blog entry on behalf of Eric Irvin that describes Google's personal health record services, and their posture relative to HIPAA requirements. The short version of the s...
Great, a food fight erupts on one of my favorite topics, and I’m the last guy to reach for the mashed potatoes. Rich Mogul decides that GRC is dead, and Alan Shimel points out some IT security r...
Doing what I do in my day job, I sit through a lot of presentations on various aspects of security. I had the pleasure of sitting through a couple of presentations this week (one by a leadi...