Improving the Measurement and Communication of Information Security Risk: Launching Open FAIR Certification
Jim Hietala, VP Security, The Open Group, US; and Steve Tabacek, CEO, CXOWARE, US
Risk analysis has grown to be a critical function in enterprises. As organizations are confronted with a confusing array of threats, gaining a more precise understanding of which risks are the most serious ones to address is important. This talk will explore common challenges in risk analysis, including measurement of risk, and communication on risk with senior executives, and it will discuss popular risk management frameworks and how they deal with these topics.
The Open Group published its Risk Taxonomy Standard, based upon FAIR (Factor Analysis for Information Risk), several years ago to address the need for a standardized taxonomy in risk analysis. It has also now published a companion Risk Analysis Standard, and has launched a new risk analyst certification program. This talk will provide an overview of these standards, how they address the issues of risk measurement and communication, and the new Open Group FAIR Certification for People program.
Jim Hietala is Vice President, Security for The Open Group, where he manages all security and risk management programs and standards activities. He holds several security and risk certifications including CISSP, GSEC, and Open FAIR Foundation. Jim is a frequent speaker at industry conferences, and he recently authored a comprehensive course on IT risk management. He participates in the SANS Analyst/Expert program, having written several research whitepapers and participated in several webcasts for SANS. He has also published numerous articles on information security, risk management, and compliance topics in publications including The ISSA Journal, Bank Accounting & Finance, Risk Factor, SC Magazine, and others. A security & risk industry veteran, he has held leadership roles at security vendors including ControlPath, Avail Networks, Alternative Technologies, eSoft, Qwest, Concentric Network, and Digital Pathways. He holds a B.S. in Marketing from Southern Illinois University.
Steven Tabacek is Cofounder and CEO of CXOWARE and is focused on recruiting and working with an exceptional team to deliver the highest obtainable value to customers and investors. Steven is the founder and former CEO of IT-Lifeline, and under his leadership, IT-Lifeline grew from a single-service outsourced data backup service provider to one of the largest full-service business recovery centers in the Northwest, supporting 100+ corporate customers primarily in the finance and healthcare sectors. Prior to IT-Lifeline, Steven had 20+ years of managerial and technical experience within the government and heavily regulated finance sectors. Steven is a veteran of the U.S. Air Force, where he specialized in secure communications and management of large computing environments. Steven’s education includes U.S. Air Force Technical University certifications and an array of IBM technical certifications, and he holds a BA in Business Administration from Eastern Washington University.