Press Release


 ISACA Issues COBIT 5 for Information Security 

Survey: Data leaks, employee error, BYOD top list of security threats   

San Francisco, CA, USA (25 June 2012, INSIGHTS 2012)—Today at the INSIGHTS 2012 conference, ISACA released COBIT 5 for Information Security, which builds on the recently released COBIT 5 framework to provide practical guidance for those interested in security at all levels of an enterprise. ISACA’s COBIT 5 framework is the only business framework for the governance and management of enterprise IT.

In the past year, close to one in four (22%) enterprises has experienced a security breach and 21% have faced mobile device security issues, according to a global survey of more than 3,700 IT professionals who are members of ISACA. In the next 12 months, data leaks and employee-related issues top the list of hot-button IT issues most likely to challenge an organization’s network security. The threats were ranked in the following order:

  • Data leakage (loss or breach) 17%
  • Inadvertent employee mistakes 16%
  • Incidents related to employees’ personal devices (BYOD): 13%
  • Cloud computing 11%
  • Cyber attacks 7%
  • External hacking 5%
  • Disgruntled employee 5%
  • All of the above 19% 

“COBIT 5 for Information Security can help enterprises reduce their risk profile by managing security appropriately. Information and related technologies are increasingly core to the enterprise, but information security is core to stakeholder trust,” said Christos Dimitriadis, CISA, CISM, CRISC, international vice president of ISACA. “With professionals from more than 40 countries gathering at INSIGHTS 2012, this is the ideal venue to release the latest expert advice.”

COBIT 5 for Information Security is available from ISACA, a nonprofit global association of 100,000 IT governance professionals. The guide is divided into three major sections: Information Security, Using COBIT 5 Enablers for Implementing Information Security in Practice, and Adapting COBIT 5 for Information Security to the Enterprise Environment.

 This latest guide is part of the comprehensive COBIT 5 family of publications. It provides additional guidance on the enablers within the COBIT framework and equips security professionals with the knowledge they need to use COBIT for more effective delivery of business value.

“The governance and management of information and technology is a large and complex topic. COBIT helps counter that complexity through relevant, effective and simple-to-use business guidance on specific areas within information systems. COBIT 5 for Information Security provides the security-specific perspective of this important business tool, and was designed in response to heavy demand for security guidance that integrates other major frameworks and standards,” said Greg Grocholski, CISA, international president of ISACA and chief audit executive at Dow Chemical.

COBIT 5 provides globally accepted principles, practices, analytical tools and models designed to help business and IT leaders maximize trust in, and value from, their enterprise’s information and technology assets. The framework and related documents have been downloaded more than 70,000 times in the two months since its release.

COBIT 5 for Information Security is available for US $35 to ISACA members and US $175 for nonmembers at The COBIT 5 framework is available as a free download. View full survey results and graphics.



With more than 100,000 constituents in 180 countries, ISACA ( is a leading global provider of knowledge, certifications, community, advocacy and education on information systems (IS) assurance and security, enterprise governance and management of IT, and IT-related risk and compliance. Founded in 1969, the nonprofit, independent ISACA hosts international conferences, publishes the ISACA Journal, and develops international IS auditing and control standards, which help its constituents ensure trust in, and value from, information systems. It also advances and attests IT skills and knowledge through the globally respected Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT) and Certified in Risk and Information Systems Control (CRISC) designations.

ISACA continually updates and expands the practical guidance and product family based on the COBIT framework. This helps IT professionals and enterprise leaders fulfill their IT governance and management responsibilities, particularly in the areas of assurance, security, risk and control, and deliver value to the business.

Participate in the ISACA Knowledge Center:

Follow ISACA on Twitter:

Join ISACA on LinkedIn: ISACA (Official),   

Like ISACA on Facebook:



Kristen Kessinger, +1.847.660.5512,

Joanne Duffer, +1.847.660.5564,

Marv Gellman, +646.935.3907,