ISACA unveils new IT security business model

29 January 2009

ISACA, the Information Systems Audit and Control Association, has developed a new business model for IT security.

The idea behind the model - which will be distributed to the not-for-profit IT security association's 86 000-plus members worldwide - is to act as a benchmark as members develop and evolve IT security policy strategies within their organisations.

According to Jo Stewart-Rattray, ISACA's security management committee chairperson, IT security managers spend too much of their time reacting and applying short-term, technology-focused fixes to rapidly changing threats and regulatory and technological environments.

"These solutions are deficient because many security weaknesses result from poor governance, a dysfunctional culture or untrained staff - all aspects that ISACA Information Security Model addresses," she says.

The model, says Stewart-Rattray, who is director of information security at RSM Bird Cameron in Adelaide, Australia, and was appointed director of ISACA last July, can be applied in enterprises of all sizes and, perhaps more importantly, with any other ITsec framework already in place.

Infosecurity notes that the model includes traditional IT security, and also privacy, and linkages to risk, physical security and compliance.
 

 

This article is featured in:
Compliance and Policy

 
