Security Catalyst 19 – The Secrets of Risk Management (With Ron Woerner)

by | Feb 22, 2006 | Ideas & Insights

I had the opportunity yesterday to speak with Ron Woerner about Risk Management… and I was so impressed and excited about the tips and advice that he shared that I decided to get this out to you right away.

Ron Woerner is an expert in information security and has spearheaded an effort to develop an effective risk management program for a large company. He agreed to speak with me about his experiences – and provides great ideas, insights and information that we can all use!

I want to thank Ron for speaking with us and for sending along some resources. I’ve actually invited Ron to present on “FREE SECURITY” in an upcoming free teleseminar for our newsletter subscribers. Subscribe today so you don’t miss the resources he is going to share.

If you enjoyed this interview, please tell a friend, colleague or other security professional — this is an important topic, and the 25 minutes Ron shared will help anyone save a lot of time and money!

Risk Management Resources

ASIS International, General Security Risk Assessment Guideline, 2003.

BITS, Kalculator: Key Risk Measurement Tool for Information Security Operational Risks, July 2004.

Berinato, Scott, “Enterprise Risk Management,” CIO Magazine, November 1, 2004, pp. 46–58.

Bernstein, Peter L., Against the Gods: The Remarkable Story of Risk, John Wiley & Sons, 1998.

COSO (Committee of Sponsoring Organizations of the Treadway Commission), Enterprise Risk Management – Integrated Framework, September 2004.

IRM, AIRMIC & ALARM, A Risk Management Standard, 2002.

Microsoft Corporation, The Security Risk Management Guide, 2004.

NIST (National Institute of Standards and Technology), Special Publication 800-30: Risk Management Guide for Information Technology Systems, October 2001.

NIST (National Institute of Standards and Technology), Special Publication 800-37: Guide for Security Certification and Accreditation of Federal Information Systems, May 2004.

NIST (National Institute of Standards and Technology), Special Publication 800-64: Security Considerations in the Information System Development Life Cycle, October 2003.

Carnegie Mellon Software Engineering Institute, Risk Management FAQ.