One of the most important responsibilities of the information security professional (or any IT professional, for that matter) is to help management make well-informed decisions. Unfortunately, this has been an illusive objective when it comes to risk.
These days, organizations are rarely self-contained. The challenge here is how to manage the dependencies your operations have on factors that are outside your control. The Open Group’s Dependency Modeling (O-DM) standard specifies how to construct a dependency model to manage risk and build trust over organizational dependencies between enterprises – and between operational divisions within a large organization.
In a previous article, “Cloud Computing requires Enterprise Architecture and TOGAF 9 can show the way,” I described the need to define a strategy as an additional step in the TOGAF 9 Preliminary Phase. This article describes in more detail what could be the content of such a document, specifically, what are the governance activities related to the Consumption and Management of Cloud Services.
We created the Cookbook for ISO/IEC 27005:2005 for anyone tasked with selecting, performing, evaluating, or developing a risk assessment methodology. I can say with confidence that we have met our goals in creating comprehensive and needed guidance and standards in the area of risk analysis.
Listen to our recorded podcast on how enterprises need to change their thinking to face cyber threats, or read the transcript. The podcast was recorded by Dana Gardner of Interarbor Solutions at The Open Group Conference, San Diego 2011.
The Open Group Conference, San Diego: I’ve found these conferences over the past five years an invaluable venue for meeting and collaborating with CIOs, enterprise architects, standards stewards and thought leaders on enterprise issues. It’s one of the few times when the mix of technology, governance and business interests mingle well for mutual benefit.