The Open Group Security Forum Completes Second Phase of Risk Management Project
Posted on: Tuesday, 26 May 2009, 07:30 CDT
Forum Is Also Working on Standards to Ease Compliance and Audit Reporting
Amidst increased product offerings coupled with escalating threats and regulations, risk management and compliance remain difficult to manage. Therefore, the Security Forum's goal for this phase of the risk management project is to provide companies with guidelines on how to objectively evaluate whether risk assessment methodologies achieve comprehensive risk assessment and credible results. Phase two is now available as a technical guide entitled "Requirements for Risk Assessment Methodologies," which describes key risk assessment traits, advises on quantitative versus qualitative measurements and addresses the need for senior management involvement.
In addition to dealing with increased security threats, companies are struggling with the cost and complexity of meeting regulatory compliance mandates. The Security Forum is also working on two standards to ease both compliance and audit reporting. The new compliance standard, ACEML, will provide an XML-based compliance knowledgebase from which cost-effective compliance programs can be created. ACEML is intended to allow security and risk practitioners to reconcile differences between disparate policies when applied to a single system.
The Security Forum is also updating its existing audit and logging standard, XDAS, in order to help ease the difficulty and cost of log management. This standard aims to make audit records more descriptive and useful and to make it easier to consume and understand log information. Both the XDAS and ACEML standards will enable vendors to build products conforming to open standards in these areas.
"The Security Forum is taking an active role in producing risk and compliance standards that will help our customer organizations and others relieve the pain points involved in managing ever-increasing security risks and negotiating complex regulatory requirements," said
The risk management technical guide is freely available for download online: http://www.opengroup.org/bookstore/catalog/. The third phase of the risk project, expected to be available in Q3, will produce "cookbooks" showing how to use the standard with various risk frameworks, starting with ISO27005 and including COSO, Octave and NIST 800-53.
About The Security Forum
The Security Forum works to raise industry confidence levels by defining technical standards and guidelines to counter the whole range of security risks and vulnerabilities, and also addresses business and technology perspectives. Its work covers all aspects of information security in open systems environments, including risk management, governance (including audit and compliance), confidentiality, integrity, accountability, non-repudiation, copy-protection, availability, privacy, policy, best practice and frameworks for legal and regulatory issues at global as well as national levels. Further information on The Security Forum can be found at http://www.opengroup.org/security/.
About The Open Group
The Open Group is a vendor-neutral and technology-neutral consortium, which drives the creation of Boundaryless Information Flow(TM) that will enable access to integrated information within and between enterprises based on open standards and global interoperability. The Open Group works with customers, suppliers, consortia and other standard bodies. Its role is to capture, understand and address current and emerging requirements, establish policies and share best practices; to facilitate interoperability, develop consensus, and evolve and integrate specifications and open source technologies; to offer a comprehensive set of services to enhance the operational efficiency of consortia; and to operate the industry's premier certification service. Further information on The Open Group can be found at http://www.opengroup.org.
SOURCE The Open Group
Source: PR Newswire