Site Menu

Risk Management Standards and Guidance

By Jim Hietala
Published 07/21/2010

I have for the most part used this blog (too infrequently lately) to comment on security, risk, and compliance topics (generally not related to my employer, The Open Group). As I look to pick up my blogging pace, there are lots of great things relating to these topics that are happening in the various workgroups in The Open Group, so I will be blogging and tweeting on some of them here. First off, the risk management project in The Open Group Security Forum has produced two great publications that are highly useful to risk management practitioners:

Risk Taxonomy Technical Standard This standard (based on FAIR) provides a detailed methodology for analyzing risk.

Technical Guide to Risk Assessment Methodologies

A third publication will be available soon that will describe a cookbook approach to using the Risk Taxonomy Standard (FAIR) with ISO 27005. Best news, all of these documents may be downloaded for free from The Open Group website. They are worth a look, check them out. And if you are interested in security, risk management, and compliance, you might consider checking out The Open Group Security Forum. We do what we believe is important work in these areas, and we need passionate folks to shape and contribute to our work program. More information on current projects is available here. If you'd like to get involved, drop me an e-mail: j.hietala(at)opengroup.org .

Jim

Jim Hietala

Jim Hietala, CISSP, GSEC, is Research Director and a principal of Compliance Research Group, providing research, analysis, and consulting services in the areas of compliance, risk management, and IT security. He is also the Vice President, Security for The Open Group, where he manages all security and risk management programs and standards activities.

Jim has provided research and consulting services to organizations such as SANS, The Open Group, and a number of IT security and compliance vendors. He is a frequent speaker at industry conferences, and he recently authored a comprehensive course on IT risk management. He participates in the SANS Analyst/Expert program, having written several research whitepapers and participated in several webcasts for SANS. He has also published numerous articles on information security, risk management, and compliance topics in publications including The ISSA Journal, Bank Accounting & Finance, Risk Factor, SC Magazine, and others.

An industry veteran, he has held leadership roles at ControlPath, Avail Networks, Alternative Technologies, eSoft, Qwest, Concentric Network, and Digital Pathways. He developed and launched the industry’s first remote access VPN service (Concentric RemoteLink) and encrypting ISDN router (at Network Express), and launched a compliance and risk management software start-up in the IT-GRC market.

He holds a B.S. in Marketing from Southern Illinois University.

Blog: www.compliancefocus.com

Twitter: http://twitter.com/jim_hietala

LinkedIn: http://www.linkedin.com/in/jimhietala

Blogging focus: Compliance, Risk Management, IT Security, IT-GRC software, HIPAA, GLBA, Privacy

Jim can be reached at: jim@compliancefocus.com