Guidance Addresses Assurance, Governance, Risk and Audit
Rolling Meadows, Illinois, USA (26 August 2014)—Cybersecurity is an emerging field within information security, as cybercrime continues to increase exponentially worldwide. Governments and institutions have launched many cybersecurity initiatives, ranging from standards to comprehensive legislation and regulation. To address the need for resources in cybersecurity, global IT association ISACA has released the European Cybersecurity Implementation Series.
The series is part of ISACA’s holistic Cybersecurity Nexus (CSX), a central resource where security professionals and their enterprises can find cybersecurity research, training and community. The series provides practical implementation guidance that is aligned with the European Network and Information Security Agency (ENISA), European requirements and good practices. Four white papers and an audit/assurance program are included in the series:
- European Cybersecurity Implementation: Overview—This paper provides a high-level overview of implementing cybersecurity good practice in line with existing laws, standards and other guidance. It is complemented by the three detailed white papers that focus on risk guidance, resilience and assurance in cybersecurity, as well as a European Cybersecurity Audit/Assurance Program.
- European Cybersecurity Implementation: Assurance—Enterprises need assurance over their cybersecurity activities and initiatives, as part of enterprise governance, risk and compliance (GRC). This white paper addresses cybersecurity implementation from a European perspective, including the European Union (EU) and its associated countries, to help contribute effectively to the enterprise’s protection against cyberattacks and breaches.
- European Cybersecurity Implementation: Resilience—In cybersecurity, resilience is the ability to absorb internal and external impacts, and to recover to normal operations in a controlled manner. This white paper addresses resilience in cybersecurity from a European perspective, using the EU and national approaches toward critical information infrastructure and its protection.
- European Cybersecurity Implementation: Risk—Cybersecurity risk strategies should align with the overarching enterprise risk management strategy and framework. All identified risk that is related to cybersecurity requires in-depth analysis that incorporates a number of components. This white paper will help enterprises determine a manageable set of risk, based on risk scenarios that target known risk and emerging and future risk factors that might arise in the context of cybersecurity.
- European Cybersecurity Audit/Assurance Program (available soon)—Based on ISACA’s IT Assurance Framework (ITAF), this program helps provide management with an assessment of the effectiveness of cybersecurity and related governance, management and assurance. The review focuses on cybersecurity standards, guidelines and procedures, and aligns with ISACA’s COBIT 5 framework.
“Organizations need to transform their cybersecurity to keep up with advanced threats, changing regulations and good practices, and this ISACA guidance helps them do that,” said Rolf von Roessing, CISA, CISM, CGEIT, president of Forfa AG and past international vice president of ISACA. “European organizations will find valuable implementation guidance in these white papers that are aligned with ENISA and EU requirements.”
The white papers are free to ISACA members and nonmembers and can be found at www.isaca.org/whitepapers. ISACA audit/assurance programs are free to ISACA members, are available for purchase by nonmembers and can be found at www.isaca.org/auditprograms.
ISACA’s CSX can be found at www.isaca.org/cyber. Current and upcoming CSX materials include the Cybersecurity Fundamentals Certificate study guide and the Cybersecurity Fundamentals Certificate exam (October 2014).
Additional COBIT 5 resources can be found at www.isaca.org/COBIT.
With more than 115,000 constituents in 180 countries, ISACA (www.isaca.org) helps business and IT leaders build trust in, and value from, information and information systems. Established in 1969, ISACA is the trusted source of knowledge, standards, networking, and career development for information systems audit, assurance, security, risk, privacy and governance professionals. ISACA offers the Cybersecurity Nexus, a comprehensive set of resources for cybersecurity professionals, and COBIT, a business framework that helps enterprises govern and manage their information and technology. ISACA also advances and validates business-critical skills and knowledge through the globally respected Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT) and Certified in Risk and Information Systems Control (CRISC) credentials. The association has more than 200 chapters worldwide.
Joanne Duffer, +1.847.660.5564, firstname.lastname@example.org
Kristen Kessinger, +1.847.660.5512, email@example.com