Security Forum Completes Cookbook for ISO/IEC 27005:2005

The Open Group Security Forum has completed the last phase of its risk management initiative with the publication of the ‘Cookbook for ISO/IEC 27005:2005’. The book is the culmination of the work the members of the Security Forum have undertaken over the past two-and-a-half years, an initiative aimed at eliminating widespread industry confusion about risk management among risk managers, security and IT professionals, as well as business managers.

The book is meant to be a ‘recipe’ of sorts, providing a detailed description of how to apply The Open Group’s Factor Analysis for Information Risk (FAIR) Risk Taxonomy Standard to any other risk management framework to help improve the consistency and accuracy of the resulting framework. By following the ‘cookbook’ example in the guide, risk technology practitioners can apply the example with significantly beneficial outcomes when using other frameworks of their choice.

The Open Group Security Forum developed the guide for anyone tasked with selecting, performing, evaluating, or developing a risk assessment methodology, including all stakeholders responsible for any risk-related area, such as business managers, information security/risk management professionals, auditors, and regulators (both as policy-makers and as law-makers).

Looking ahead at the rest of 2011, the forum has an active pipeline of projects to address the increasing risk and compliance concerns facing IT departments across organisations today.

