Managing risk is an essential component of an information security program. Risk management is fundamental to effectively securing information, IT assets, and critical business processes. Risk management is also a challenge to get right. With numerous risk management frameworks and standards available, it can be difficult for practitioners to know where to start, and what methodologies to employ.
Recognizing the importance of risk management, The Open Group has done, and continues to do, significant work in this area.
Publications in the area of risk management include:
Risk Taxonomy Technical Standard. This document provides a standard definition and taxonomy for information security risk, as well as information regarding how to use the taxonomy. The intended audience for this document includes anyone who needs to understand and/or analyze a risk condition. This includes, but is not limited to, information security and risk management professionals, auditors and regulators, technology professionals, and management.
Requirements for Risk Assessment Methodologies. This document identifies and describes the key characteristics that make up any effective risk assessment methodology, thus providing a common set of criteria for evaluating any given risk assessment methodology against a clearly defined common set of essential requirements.
FAIR – ISO/IEC 27005 Cookbook. This document describes in detail how to apply the Risk Taxonomy Standard and the FAIR (Factor Analysis for Information Risk) methodology to the ISO/IEC 27005 standard. This cookbook will be of interest to anyone seeking to use FAIR with other risk management frameworks (including COSO, ITIL, OCTAVE, COBIT, and others).
Ongoing work projects in the area of risk management include:
Dependency Modeling - Managing Risk in Complex Interdependent Systems. This project seeks to create a standard for evaluating trust levels in order to establish a chain of trust between collaborating parties, allowing the secure and trusted exchange of digital information and transactions based on risk status. This project is part-funded by the UK Technology Strategy Board [TSB].