New pub from MSIM alum on risk management

The Open Group) used her capstone project as an opportunity to develop instructional materials on organizational risk management, intended for use initially at The Boeing Co. and then to be made more generally available to the information security community.

As organizations have come to realize the importance of risk management and its quantification, work has been ongoing to develop useful assessment standards. ISO, the International Organization for Standardization, has published a standard for risk management that, as Carlson puts it, "identifies when to analyze risk but not how." Gilliam's project, a "cookbook" for this standard (ISO 27005), details how to apply FAIR (a technical standard with detailed methodology for "understanding, analyzing, and measuring information risk") to various risk management frameworks, and provides companies with a useful and relevant risk analysis method.

The Risk Management Cookbook for ISO27005 has been accepted by The Open Group (TOG) as part of a set of Security Forum publications, and is available for free at their online store. You can also view the project's capstone summary and poster on the iSchool website, at http://ischool.uw.edu/msim/capstone/projects/2009.