Jim Hietala

Jim Hietala, CISSP, GSEC, is Research Director and a principal of Compliance Research Group, providing research, analysis, and consulting services in the areas of compliance, risk management, and IT security. He is also the Vice President, Security for The Open Group, where he manages all security and risk management programs and standards activities.

Jim has provided research and consulting services to organizations such as SANS, The Open Group, and a number of IT security and compliance vendors. He is a frequent speaker at industry conferences, and he recently authored a comprehensive course on IT risk management. He participates in the SANS Analyst/Expert program, having written several research whitepapers and participated in several webcasts for SANS. He has also published numerous articles on information security, risk management, and compliance topics in publications including The ISSA Journal, Bank Accounting & Finance, Risk Factor, SC Magazine, and others.

An industry veteran, he has held leadership roles at ControlPath, Avail Networks, Alternative Technologies, eSoft, Qwest, Concentric Network, and Digital Pathways. He developed and launched the industry’s first remote access VPN service (Concentric RemoteLink) and encrypting ISDN router (at Network Express), and launched a compliance and risk management software start-up in the IT-GRC market.

He holds a B.S. in Marketing from Southern Illinois University.

Blog: www.compliancefocus.com

Twitter: http://twitter.com/jim_hietala

LinkedIn: http://www.linkedin.com/in/jimhietala

Blogging focus: Compliance, Risk Management, IT Security, IT-GRC software, HIPAA, GLBA, Privacy

Jim can be reached at: jim@compliancefocus.com


Blogs by this Author

I was out on vacation (and then at RSA) when much of the interesting detail about the Hannaford breach emerged. Security professionals and probably the general public are growing a little desensitized...
A recent consulting assignment had me creating a comprehensive, 300 slide course on IT risk management. It was an interesting exercise, and gave me the chance to learn a lot about risk management. I...
Vendors providing software that helps manage the overall IT risk and compliance process now have an official category: IT-GRC. Several leading analyst firms have now gravitated to this label. Becom...
First it was "Clooneygate", when healthcare workers at a hospital in New Jersey improperly accessed the medical records of George Clooney, and where dozens of healthcare workers were suspended. Now the...

IT-GRC

Michael Rasmussen has a great post on the difference between enterprise GRC and IT-GRC up on his blog. As someone who has previously worked for an early IT-GRC vendor, I have a lot of thoughts on the ...
Since the passage of SB1386 a couple of years ago, over 30 states have now passed legislation requiring notification in the event of security breaches. What is interesting to me, and what likely cause...

More on HIPAA Enforcement

CMS has now posted a document entitled Sample - Interview and Document Request for HIPAA Security Onsite Investigations and Compliance Reviews. The document closely mirrors the information that surfac...
In a post entitled Applying Security Standards Like ISO 27002 to Compliance Requirements, Mark Tordoff comments on an article by Richard Mackey in SearchSecurity. The gist of both articles is that u...

Compliance and Security

This article, The Compliance Cop-Out, caught my eye recently. Bob Bragdon, publisher of CSO Magazine, believes that CSOs are copping out by using regulatory compliance as the justification for...
I came across several items recently that (taken together) confirm my belief that the privacy breaches we have seen here in the US are just the tip of the iceberg. First, a UK news outlet did an und...
