The Integrated Risk Management Group
OPA Inc. was formed eighteen years ago as a consulting firm specializing in Information Security. The firm, based on the expertise of its founders, recognized the importance of risk analysis and assessment for Information Technology at the outset and began to develop an approach integrating qualitative and quantitative techniques. Since no credible software tools were available at that time, OPA Inc. undertook the task of developing a software product and associated knowledge bases to effectively automate the task of executing qualitative and quantitative risk analysis.
To accomplish this task, OPA Inc. entered into a collaborative effort pooling expert talent from several fields. OPA Inc. sought to marry the methodologies prescribed by Federal Information Security Guidelines (FIPSPUB-65) with the technology that had emerged from the nuclear hazard industry (which, vis-a-vis the WASH 1400 project, had applied probabilistic statistical methods to nuclear risk analysis) and extensive knowledge bases developed by OPA Inc. This led to the successful release, in 1988, of the Bayesian Decision Support System (BDSS).
BDSS continues to be the leading credible application of quantitative techniques in the marketplace. This market has grown steadily as the application of statistical concepts of Information Technology management has gained greater acceptance in the business community.
Because BDSS produces quantified results stated in the language of business, i.e., monetary and probabilistic terms, the product is in accord with currently evolving business concepts. Now, given tools such as BDSS, Information Risk Management (IRM) can shed the stigmatism of being perceived solely as a cost center. IRM can, and should be, a profit center, evaluated via ROI analysis, as a value-added component of an organization's profitability.
Recent trends continue in this direction. Mr. Will Ozier, OPA Inc.'s President, chaired the ISSA Information Valuation Committee and was a driving force behind the broadly accepted Guideline for Information Valuation. In addition, Mr. Ozier chaired the GASSP Committee which developed Generally Accepted System Security Principles for information security. The GASSP Project has been revitalized as the the GAISP Project. He is a member of the revitalized GAISP Project Steering Committee. Mr. Ozier is also co-chair of the Partnership for Critical Infrastructure Security (PCIS) Working Group 1 for risk assessment and sector interdepdancies. OPA Inc. has established a leading depth of talent in the area of information valuation and security issues
Our primary mission integrates the role of software vendor with significant client support as provided through related consulting services. These services, in turn, often generate BDSS license revenues. OPA Inc. has had many successes in this area with companies such as:
o Pacific Bell o TRW Information Systems
o Pacific Gas & Electric o IBM Incorporated
o Arco Company o Chase Manhattan Bank
o The IIA o State of California
Mr. Ozier was also senior consultant for risk assessment to the recent President's Commission on Critical Infrastructure Protection (PCCIP) and principal author for the Institute of Internal Auditors' white paper "Information Security Management: A Call to Action for Corporate Governance."
The future direction of OPA, Inc. will continue this commitment to modern decision-making techniques and risk analysis. BDSS Version 2.0 has been released. This release will further support an Integrated Risk Management Architecture (IRMA) that ultimately broadens the application of BDSS to an array of business decisions.