Information Security Management

Welcome to the Information Security Management topic!

Collaborate, contribute, consume and create knowledge around topics such as cloud computing, application security, vulnerability management, PCI, and data protection.

This Topic Has:
1342 Members
5 Online
13319 Visits

Community Leader

Marc Vael

Title: Chief Audit Executive

Badge: Energizer

Ross Peachey

Badge: Energizer



Discussions: 119 total

I'm currently reviewing the information security function within our organization. I now have the IS charter and the IS program. Upon checking the charter, it says that "the IS Program shall adopt a risk based approach." However, upon checking the IS Prog...
Edzern | 3/28/2017 3:00:31 AM | COMMENTS(2)
What is the information security perspective if customers reported receiving SMS messages for transactions they had not performed, where these transactions were for other customers and were sent to them by system error?
Tarek EL-Sherif | 3/12/2017 5:09:39 AM | COMMENTS(0)
Boards of Directors are taking an increasingly active role in cybersecurity governance. The question is: what are they looking for and how should you manage your security program to meet their needs? This topic has been addressed in the “Cyber-Risk Oversi...
Ramakrishna593 | 2/23/2017 1:04:30 AM | COMMENTS(0)
How do you ensure vulnerabilities in your organisation are identified and fixed efficiently? I work in a relatively large organisation (about 4500 employees/about 7000 devices by IP). When we perform vulnerability scans, they always come out with more tha...
Eliud433 | 1/17/2017 6:54:38 AM | COMMENTS(0)
What is the difference between IT Security and IT Risk?
Tarek EL-Sherif | 1/17/2017 12:43:14 AM | COMMENTS(11)
Hello all, I am searching for information regarding the topic of Cyber Security Capability Maturity Models. Currently analyzing: Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2) as main background document; ISO/IEC 33071 DIS PAS Informati...
Tomejus | 12/4/2016 6:20:13 AM | COMMENTS(4)

Documents & Publications: 139 total

In 2017, Attacks will follow your Data. Cyberthreats: What's Coming Next and how to prepare for it.
Posted by Mohamad Javed 50 days ago
A turning point for eGovernment development in Europe?
Posted by Mohamad Javed 51 days ago
How to Protect Yourself and Your Family. Worth spending some time on this release from Cisco on how to protect yourself. How do websites collect information? Why do websites collect information about you? What information do websites collect from your computer? Google Analytics. How can you give or deny permission to collect information about you?
Posted by Mohamad Javed 51 days ago
Posted by ISACA 54 days ago
Posted by ISACA 173 days ago

Events & Online Learning: 20 total

16 Mar 2015
ISACA International Event
Orlando, FL, USA
15 Jun 2015
ISACA International Event
Ciudad de México, Mexico
21 Sep 2015
ISACA International Event
Miami, FL, USA
21 Sep 2015
ISACA International Event
06010 Mexico City, Panama
La Conferencia Latinoamericana CACS/ISRM

Journal Articles: 277 total

Volume 2, 2017
by Steven J. Ross, CISA, CISSP, MBCP
It is those three dots that save me from accusations of rank lunacy. (Oh, well, from accusations based on this subject.)
Volume 2, 2017
by Mukul Pareek, CISA, ACA, ACMA, PRM
Most security metrics programs are typically based on two assumptions: There is a secure way to manage any system, and the task of security management is to maintain that state.
Volume 2, 2017
by Shan Senanayake, CISA, CRISC, CISSP
Get to know your network.
Volume 2, 2017
by Farewell Ron Hale
ISACA is grateful to Ron Hale for his years of knowledge, leadership and dedication.
Volume 2, 2017
by Jo Anna Bennerson, CISA, CGEIT, CPA, ITILv3, PMP
This article discusses approaches to increase an information security professional’s knowledge about the US federal government ATO security authorization process and one’s duties in the narrow US federal government industry.
Volume 1, 2017
Now that senior executives have begun to take a serious interest in cyber and technology risk, it is necessary to provide meaningful and useful answers to the questions they are beginning to ask.

Wikis: 2 total

Blog Posts: 170 total

Nowadays, cyber security is often used interchangeably with information security, and sometimes they feel that cyber security is more in fashion and has a better market value than information security, so they preferred to use the cyber security term in...
Posted By : Muhammad Irfan Bashir | 0 comments
Senior Manager: ultimate responsibility; Information Security Officer: functional responsibility; Security Analyst: strategic, develops policies and guidelines; Owner: responsible for asset, determine level of clas...
Posted By : Muhammad554 | 0 comments
Internal IT management. Keeping the entire IT structure in-house, without outsourcing, can lead to an accumulation of problems that are difficult for a single organization to handle. Partnerships with counterparts. When working on a joint project with a...
Posted By : Gladys789 | 0 comments
Vulnerator is a tool created to support the DoD (United States Department of Defense) in analyzing information security and verifying vulnerability data from the numerous sources it receives, the following...
Posted By : Gladys789 | 0 comments
The DoT (Department of Telecommunications) in India has enforced the telecom operators holding license(s) to ensure that they comply with the security amendment dated 31st May 2011; likewise, Ofcom in the UK and other nations have regulatory compliance for teleco...
Posted By : rasoolirfan | 0 comments
Here in my country (Hungary) state offices still tend to take mother's maiden name as identifying information of an individual. Besides the fact that i...
Posted By : Karoly Arnhoffer | 0 comments