I had the opportunity yesterday to speak with Ron Woerner about Risk Management… and I was so impressed and excited about the tips and advice that he shared that I decided to get this out to you right away.
Ron Woerner is an expert in information security and has spearheaded an effort to develop an effective risk management program for a large company. He agreed to speak with me about his experiences – and provides great ideas, insights and information that we can all use!
I want to thank Ron for speaking with us and for sending along some resources. I’ve actually invited Ron to present on “FREE SECURITY” in an upcoming free teleseminar for our newsletter subscribers. Subscribe today so you don’t miss the resources he is going to share.
If you enjoyed this interview, please tell a friend, colleague or other security professional — this is an important topic, and the 25 minutes Ron shared will help anyone save a lot of time and money!
Risk Management Resources
ASIS International, General Security Risk Assessment Guideline, 2003.
BITS, Kalculator: Key Risk Measurement Tool for Information Security Operational Risks, July 2004.
Berinato, Scott, “Enterprise Risk Management,” CIO Magazine, November 1, 2004, pp. 46-58.
Bernstein, Peter L., Against the Gods: The Remarkable Story of Risk, John Wiley & Sons, 1998.
COSO (Committee of Sponsoring Organizations of the Treadway Commission), Enterprise Risk Management – Integrated Framework, September 2004.
IRM, AIRMIC & ALARM, A Risk Management Standard, 2002.
Microsoft Corporation, The Security Risk Management Guide, 2004.
NIST (National Institute of Standards and Technology), Special Publication 800-37: Guide for Security Certification and Accreditation of Federal Information Systems, May 2004.
NIST (National Institute of Standards and Technology), Special Publication 800-64: Security Considerations in the Information System Development Life Cycle, October 2003.
Carnegie Mellon Software Engineering Institute, Risk Management FAQ.