
Free guide to business models for information security

ISACA : 29 January, 2009  (New Product)
ISACA has released a comprehensive guide to creating information security models for security professionals, available as a free download.
Effectively managing information security is more critical than ever, yet until now there have been no comprehensive models to guide security professionals. To fill the gap, ISACA has developed the new Business Model for Information Security. Released today, An Introduction to the Business Model for Information Security outlines the model and provides a case study using its guidance. The guide is available as a free download at the ISACA web site.

"Information security managers spend too much of their time reacting and applying short-term, technology-focused fixes to rapidly changing threats and regulatory and technological environments," said Jo Stewart-Rattray, chair of ISACA's Security Management Committee. "These solutions are deficient because many security weaknesses result from poor governance, a dysfunctional culture or untrained staff—all aspects that ISACA's Information Security Model addresses."

The model can be used in enterprises of all sizes and alongside any other information security framework already in place. It is independent of any particular technology and is applicable across all industries, countries, and regulatory and legal systems. It covers traditional information security as well as privacy, with linkages to risk, physical security and compliance.

ISACA, a nonprofit association that serves more than 86,000 information security, assurance and IT governance professionals, based the model on the Systemic Security Management framework developed by the Institute for Critical Information Infrastructure Protection (ICIIP), which was formed by the Marshall School of Business of the University of Southern California (USA).

"This is ISACA's first step in transforming the theoretical model into a practical tool that can be used by information security practitioners to unify security initiatives with the business mission," said Kent Anderson, member of ISACA's Security Management Committee. "The ISACA model is valuable guidance because it takes a strong business-oriented approach, focusing on people and processes rather than on technology."

An Introduction to the Business Model for Information Security is the first in a series of publications related to the model. Later this year, ISACA will release a practitioner's guide and an executive's guide.
   © 2012 ProSecurityZone.com