Rolling Meadows, IL, USA (23 May 2011)—The Business Model for Information Security, a model released by independent nonprofit membership association ISACA, which developed and updates COBIT, urges enterprises to adopt an intentional culture of security. A new guide from ISACA, titled Creating a Culture of Security, explains how enterprises can put one in place.
“Every enterprise has a corporate culture and a component of that is its security culture,” said Steven Ross, CISA, CBCP, CISSP, author of the book and founder of Risk Masters, Inc. “A security culture exists in every enterprise, and it is to the organization’s benefit to ensure that it is an intentional culture promoting strong, consistent and well-organized security.”
The book outlines:
- The benefits of an intentional culture of security
- Inhibitors to a culture of security
- How to create an intentional security culture
- How to institutionalize and sustain the intentional security culture
“The first step to creating an intentional security culture is a clear-eyed assessment of the current state of the security culture and understanding management’s intentions regarding security,” said Ross. “This will help illuminate the gaps between expectations and reality.”
Creating a Culture of Security is available from www.isaca.org/research. The e-book is free to ISACA members and US $50 for nonmembers.