Related Links

  • ISACA UK Chapters
  • Reed Exhibitions Ltd is not responsible for the content of external websites.

Top 5 Stories


ISACA unveils new IT security business model

29 January 2009

ISACA, the Information Systems Audit and Control Association, has developed a new business model for IT security.

The idea behind the model - which will be distributed to the not-for-profit IT security association's 86 000-plus members worldwide - is to act as a benchmark as members develop and evolve IT security policy strategies within their organisations.

According to Jo Stewart-Rattray, ISACA's security management committee chairperson, IT security managers spend too much of their time reacting and applying short-term, technology-focused fixes to rapidly changing threats and regulatory and technological environments.

"These solutions are deficient because many security weaknesses result from poor governance, a dysfunctional culture or untrained staff - all aspects that ISACA Information Security Model addresses, she says.

The model, says Stewart-Rattray, who is director of information security at RSM Bird Cameron in Adelaide, Australia, and was appointed director of ISACA last July, can be applied in enterprises of all sizes and, perhaps more importantly, with any other ITsec framework already in place.

Infosecurity notes that the model includes traditional IT security, and also privacy, and linkages to risk, physical security and compliance.

This article is featured in:
Compliance and Policy


Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×