Open Group Seeks Universal Risk Management Taxonomy

The Open Group, a vendor- and technology-neutral consortium focused on open standards and global interoperability within and between enterprises, recently announced that the organization's Security Forum has initiated work on a risk management and analysis taxonomy standard. This is the first phase of a comprehensive initiative aimed at eliminating widespread industry confusion about risk management among risk managers, security and IT professionals, as well as business managers.

The Security Forum's focus on a risk management and analysis taxonomy is in direct response to the idea that risk analysis has historically been more art than science. Prior risk taxonomies used terms which were ill-defined, resulting in many inconsistent definitions and taxonomies within the information security landscape. None of these provided a clear and logical representation of the fundamental problem that the risk management profession must control -- the frequency and magnitude of loss.

"The Open Group Security Forum has chosen to start this standards work from its core -- understanding what 'risk' truly is," said Mike Jerbic, chairman, The Open Group Security Forum. "We believe that no significant progress can be made until we have a rigorous taxonomy for the terms and definitions we use in risk management.

The Open Group Security Forum's risk taxonomy will promote a consistent, tightly defined use of risk management terminology, in order to ensure a common understanding between different analysts and analysis methods. Misunderstandings of language and meaning often exist between senior management, personnel responsible for enterprise risk management and those responsible for IT risk management. Seemingly simple terms such as "threat," "vulnerability," and "risk" are used with different meanings by these various stakeholders. A commonly accepted taxonomy of terms and definitions is essential to enable all of the interested parties -- including risk management practitioners, business managers and IT professionals -- to understand each other and ultimately achieve their desired risk management goals.

Risk Management Insight, a member of The Open Group's Security Forum, seeded the initiative by contributing its FAIR (Factor Analysis for Information Risk) risk management taxonomy and methodology as the foundation for further development. "We felt that The Open Group's Security Forum was a perfect organization to lead the charge in developing a standard common language, or taxonomy, for risk management and analysis," said Alex Hutton, CEO, Risk Management Insight. "With the increasingly complex security requirements, organizations cannot afford to not be on the same page when it comes to assessing these risks."

As there are many risk assessment methodologies available -- all claiming to produce better results than the others -- The Open Group Security Forum's goal is to enable an objective evaluation of how any one risk assessment methodology achieves a comprehensive risk assessment and credible results. After the initial taxonomy has been established, the Security Forum will develop an industry standard aimed at defining the essential components, methodology and characteristics, that an effective Risk Assessment Methodology must address, and globally promote these as common criteria. The scope of this next phase is likely to include mapping these common criteria to the requirements established in other relevant industry-specific standards such as BITS Shared Assessments standards and COBIT (Control Objectives for Information and related Technology).

Featured

New Products

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.”

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening.