New ISACA Guide Helps Enterprises Create Culture of Security

Rolling Meadows, IL, USA (23 May 2011)—The Business Model for Information Security, a model released by independent nonprofit membership association ISACA, which developed and updates COBIT, urges enterprises to adopt an intentional culture of security. A new guide from ISACA, titled Creating a Culture of Security, explains how enterprises can put one in place.


“Every enterprise has a corporate culture and a component of that is its security culture,” said Steven Ross, CISA, CBCP, CISSP, author of the book and founder of Risk Masters, Inc. “A security culture exists in every enterprise, and it is to the organization’s benefit to ensure that it is an intentional culture promoting strong, consistent and well-organized security.”


The book outlines:

  • The benefits of an intentional culture of security
  • Inhibitors to a culture of security
  • How to create an intentional security culture
  • How to institutionalize and sustain the intentional security culture


“The first step to creating an intentional security culture is a clear-eyed assessment of the current state of the security culture and understanding management’s intentions regarding security,” said Ross. “This will help illuminate the gaps between expectations and reality.”


Creating a Culture of Security is available from The e-book is free to ISACA members and US $50 for nonmembers.