ISACA unveils new IT security business model

29 January 2009

ISACA, the Information Systems Audit and Control Association, has developed a new business model for IT security.

The idea behind the model - which will be distributed to the not-for-profit IT security association's 86 000-plus members worldwide - is to act as a benchmark as members develop and evolve IT security policy strategies within their organisations.

According to Jo Stewart-Rattray, ISACA's security management committee chairperson, IT security managers spend too much of their time reacting and applying short-term, technology-focused fixes to rapidly changing threats and regulatory and technological environments.

"These solutions are deficient because many security weaknesses result from poor governance, a dysfunctional culture or untrained staff - all aspects that ISACA Information Security Model addresses," she says.

The model, says Stewart-Rattray, who is director of information security at RSM Bird Cameron in Adelaide, Australia, and was appointed director of ISACA last July, can be applied in enterprises of all sizes and, perhaps more importantly, with any other ITsec framework already in place.

Infosecurity notes that the model covers traditional IT security as well as privacy, along with linkages to risk, physical security and compliance.
 

This article is featured in:
Compliance and Policy

 
