Open Group Security Forum Completes Second Phase of Risk Management Project
The Open Group, a vendor- and technology-neutral consortium focused on open standards and global interoperability within and between enterprises, announced the organization's Security Forum has completed the second phase of a major initiative focused on risk management.
The Security Forum's comprehensive project is aimed at eliminating widespread industry confusion about risk management among risk managers, security and IT professionals, as well as business managers. The Open Group Security Forum is also maintaining an active pipeline of projects to address the increasing risk and compliance concerns facing IT departments across organizations today.
Amidst increased product offerings, coupled with escalating threats and regulations, risk management and compliance remain difficult to manage. Therefore, the Security Forum's goal for this phase of the risk management project is to provide companies guidelines on how to objectively evaluate whether risk assessment methodologies achieve comprehensive risk assessment and credible results.
Phase two is now available as a technical guide titled "Requirements for Risk Assessment Methodologies," which describes key risk assessment traits, advises on quantitative versus qualitative measurements and addresses the need for senior management involvement.
In addition to dealing with increased security threats, companies are also struggling with the cost and complexity of meeting regulatory compliance mandates. The Security Forum is also working on two standards to ease both compliance and audit reporting.
The new compliance standard, ACEML, will provide an XML-based compliance knowledgebase from which cost-effective compliance programs can be created. The ACEML is intended to allow security and risk practitioners to reconcile differences between disparate policies when applied to a single system.
The Security Forum is also updating its existing audit and logging standard, XDAS, to help ease the difficulty and cost of log management. This standard aims to make audit records more descriptive and useful, and to make it easier to consume and understand log information. Both the XDAS and ACEML standards will enable vendors to build products conforming to open standards in these areas.
"The Security Forum is taking an active role in producing risk and compliance standards that will help our customer organizations and others relieve the pain points involved in managing ever-increasing security risks and negotiating complex regulatory requirements," said Jim Hietala, vice president of security at The Open Group. "We invite customers, vendors and industry experts interested in our work to become involved in any of these projects."
The risk management technical guide is available free for download online: http://www.opengroup.org/bookstore/catalog.