Firms offered free enterprise security model


Firms offered free enterprise security model

Antony Savvas

Security standards body ISACA has developed the new business model for information security.

The free model can be used in enterprises of all sizes and with any other information security framework already in place. It is independent of any particular technology and is applicable across all industries, countries, and regulatory and legal systems, said ISACA.

It covers traditional information security, privacy, risk, physical security and compliance.

"Information security managers spend too much of their time reacting and applying short-term, technology-focused fixes to rapidly changing threats and regulatory and technological environments," said Jo Stewart-Rattray, chair of ISACA's security management committee.

"These solutions are deficient because many security weaknesses result from poor governance, a dysfunctional culture or untrained staff - all aspects that ISACA's new business model addresses."

Kent Anderson, a member of ISACA's security management committee, said, "This is ISACA's first step in transforming the theoretical model into a practical tool that can be used by information security practitioners to unify security initiatives with the business mission.

"The ISACA model is valuable guidance because it takes a strong business-oriented approach, focusing on people and processes rather than on technology."

The guide is available as a free download.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy