ISACA says latest Ponemon report highlights need for governance

According to the association, the report has been commended for the detail it provides on the indirect costs of IT security attacks, as well as the news that organisations are focusing more resources on their security forensics and detection methodologies.

As noted yesterday in the Second Annual Cost of Cybercrime report, the cost of electronic crime has increased 56% from 2010, with the increase in costs causing problems on both sides of the public/private sector divide.

The HP Arcsight-sponsored report - which took in responses from 50 organisations - also found that the median annualised cost of cybercrime to organisations is now $5.9 million a year.

According to Rolf von Roessing, a member of ISACA's COBIT security task force, the report strengthens the on-going commitment that ISACA has to educate business professionals on the need for security planning and, by implication, enterprise governance of IT.

"With nearly 100,000 members, our not-for-profit information security, assurance and governance association is well placed to provide the education that is required to improve the governance, risk management and compliance requirements that this report identifies as being central to countering the costly problem of cybercrime", he said.

Von Roessing went on to say that these issues are central to ISACA's strategy with its globally respected COBIT framework, version 5 of which is available for discussion until September 18.

COBIT, he explained, is a supporting tool set that allows managers to bridge the gap among control requirements, value creation, technical issues and business risks in their organisation.

Part of the framework's benefits, said von Roessing, is that it delivers the most up-to-date thinking in enterprise governance and security management.

"COBIT supports the development of clear policies and good practice for management, as well as increasing the value they achieve from their IT and compliance," he said, adding that the just-issued Ponemon report confirms the need for networking intelligence, security event management, governance, risk management and compliance.

At the same time, von Roessing said that the Ponemon report identifies the downward pressure on costs associated with these vital security activities in the enterprise environment.

This is, he explained, where COBIT's advantages enter the frame, since it allows management to plan and deploy their security systems and technologies in the most effective manner possible.

According to von Roessing, any organisation can throw unlimited money and resources at a problem and potentially lose a lot. However, deploying effective information security with a reasonable cost-benefit ratio requires more than that: planning and, by implication, effective governance and risk management.

"COBIT can greatly assist in this regard. It has built tremendous credibility through the collaborative development process that brings together the talents and expertise of security industry leaders around the world," he said.

"COBIT 5 will build and expand on COBIT 4.1 by connecting with other major frameworks, standards and resources, and integrating other ISACA guidance - including Val IT, Risk IT, the IT Assurance Framework and the Business Model for Information Security (BMIS)into one cohesive and comprehensive picture," he added.

"It will help enterprises ensure they can have trust in, and obtain value from, their information systems."



What’s Hot on Infosecurity Magazine?