|  Home   |  Forums   |  News   |  Blog   |  Reviews   |
 Satellite   Digital TV   IPTV   Cable   HDTV   Computers   Games   Mobile Phones   Broadband   Internet   Security   Telecoms   USB   VoIP   Wireless 

IT Security News feed IT Security News

All Tech News feed All Tech News

January 28, 2009

ISACA Business Model for Information Security

Bookmark and Share

by ISACA

Effectively managing information security is more critical than ever, yet—until now—there have been no comprehensive models to guide security professionals.

To fill the gap, ISACA has developed the new Business Model for Information Security.

Released today, An Introduction to the Business Model for Information Security outlines the model and provides a case study using its guidance.

The guide is available as a free download at www.isaca.org/security.

“Information security managers spend too much of their time reacting and applying short-term, technology-focused fixes to rapidly changing threats and regulatory and technological environments,” said Jo Stewart-Rattray, chair of ISACA’s Security Management Committee.

“These solutions are deficient because many security weaknesses result from poor governance, a dysfunctional culture or untrained staff—all aspects that ISACA’s Information Security Model addresses.”

The model can be used in enterprises of all sizes and with any other information security framework already in place.

It is independent of any particular technology and is applicable across all industries, countries, and regulatory and legal systems.

It includes traditional information security, and also privacy, and linkages to risk, physical security and compliance.

ISACA, a nonprofit association that serves more than 86,000 information security, assurance and IT governance professionals, based the model on the Systemic Security Management framework developed by the Institute for Critical Information Infrastructure Protection (ICIIP), which was formed by the Marshall School of Business of the University of Southern California (USA).

“This is ISACA’s first step in transforming the theoretical model into a practical tool that can be used by information security practitioners to unify security initiatives with the business mission,” said Kent Anderson, member of ISACA’s Security Management Committee.

“The ISACA model is valuable guidance because it takes a strong business-oriented approach, focusing on people and processes rather than on technology.”

An Introduction to the Business Model for Information Security is the first in a series of publications related to the model. Later this year, ISACA will release a practitioner’s guide and an executive’s guide.

Story link: ISACA Business Model for Information Security


Discuss this in the Techwatch Forums



Related news to "ISACA Business Model for Information Security"




No Comments »

No comments yet.

Leave a comment


Previous: «
Next: »

Visited 119 times, 1 so far today

Tags: ,



TechWatch © 2005-2010. All rights reserved  |  About  |  Staff  |  Privacy  |  Disclaimer  |  Press/Media  |  Contact us