New ISACA Guide Helps Enterprises Create Culture of Security


Rolling Meadows, IL, USA (23 May 2011)—The Business Model for Information Security, a model released by independent nonprofit membership association ISACA, which developed and updates COBIT, urges enterprises to adopt an intentional culture of security. A new guide from ISACA, titled Creating a Culture of Security, explains how enterprises can put one in place.

 

“Every enterprise has a corporate culture and a component of that is its security culture,” said Steven Ross, CISA, CBCP, CISSP, author of the book and founder of Risk Masters, Inc. “A security culture exists in every enterprise, and it is to the organization’s benefit to ensure that it is an intentional culture promoting strong, consistent and well-organized security.”

 

The book outlines:

  • The benefits of an intentional culture of security
  • Inhibitors to a culture of security
  • How to create an intentional security culture
  • How to institutionalize and sustain the intentional security culture

 

“The first step to creating an intentional security culture is a clear-eyed assessment of the current state of the security culture and understanding management’s intentions regarding security,” said Ross. “This will help illuminate the gaps between expectations and reality.”

 

Creating a Culture of Security is available from www.isaca.org/research. The e-book is free to ISACA members and US $50 for nonmembers.

 

CISA 

ISACA offers exam training courses for earning the CISA designation. CISA is a globally recognized certificate for IS audit control. It demonstrates that you have the experience, skills and knowledge required to detect security risks and perform reliable audits.


CISM

As a CISM you are able to analyze information security independently. ISACA provides an exam training course for CISM that offers room both for brushing up on knowledge and for concrete exam practice exercises.
