The Open Group Security Forum completed a major risk management initiative with the publication of the Cookbook for ISO/IEC 27005:2005 (registration required).
The cookbook is a comprehensive initiative aimed at eliminating the widespread industry confusion about risk management among risk managers, security and IT professionals, and business managers.
This publication is meant to be a “recipe” of sorts: a detailed description of how to apply The Open Group’s Risk Taxonomy Standard, which is based on FAIR (Factor Analysis of Information Risk), to another risk management framework in order to improve the consistency and accuracy of the resulting risk assessments. ISO/IEC 27005:2005 is the worked case.
By following the worked example in the guide, risk practitioners can apply the same approach, with the same benefits, to other frameworks of their choice.
This is a guide for anyone tasked with selecting, performing, evaluating, or developing a risk assessment methodology, including every stakeholder responsible for an area where risk is a concern: business managers, information security and risk management professionals, auditors, and regulators (both policy-makers and law-makers).
Looking ahead to the rest of 2011, The Open Group Security Forum has an active pipeline of projects to address the increasing risk and compliance concerns facing IT departments across organizations today.
Be on the lookout for the publication of the ISM3 standard, revised Enterprise Security Architecture Guide, and ACEML standard in the late spring/early summer months!