
Information Security Management

Welcome to the Information Security Management topic!

Collaborate, contribute, consume and create knowledge around topics such as cloud computing, application security, vulnerability management, PCI, and data protection.


This topic has 920 members and 9955 visits.

Recent Discussions

InfoSec models inter-relationship mappings. Posted by Glory Idehen.
Cyber Alert Levels. Posted by Ross Peachey.
IT Risk Assessment Service Selection Criteria. Posted by chungangus.

Community Leader

Farooq Wahab Naiyer
Marc Vael

Marc Vael: Badge: Influential
Ross Peachey: Badge: Social



Discussions: 67 total

I am looking for mapping of SABSA attributes taxonomy to ISO 27001's PDCA, ITIL & COBIT 5 models.
Glory Idehen | 10/8/2014 11:13:35 PM | COMMENTS(7)
Many organisations publish "cyber alert levels" which are intended to represent the severity of the current threat environment. However, on the face of it, I question whether these measures are actionable. They seem to be more of a marketing gimmick. I'm not...
Ross Peachey | 9/25/2014 6:21:45 AM | COMMENTS(0)
I am going to have a consultant perform a holistic IT risk assessment for the company. What factors would you consider in picking the best vendor to offer the service? Vendor size, brand, personnel professionalism, references, cost? Anything else? It i...
chungangus | 9/25/2014 12:05:36 AM | COMMENTS(3)
Our healthcare organization is reorganizing its overall reporting structures to include IS Security. We currently report to the VP/CIO. We would appreciate hearing from others what model(s) are in use for IS Security reporting. Thank you
grayowl | 9/25/2014 12:02:55 AM | COMMENTS(2)
I am reviewing an existing security process in the ITIL framework. All new services have to go through a security checklist before the service is launched in the service catalog. Is there any standard template or methodology we have to follow? I...
chungangus | 9/18/2014 6:20:17 AM | COMMENTS(2)
One of the biggest impacts in the ISO 27001:2013 standard is the omission of the words "asset based" in the requirements of risk assessment. Risk assessment may still be asset based, but as of chapter 4 (Context of the organization) risks are much more end...
Koen Béroudiaux | 9/18/2014 6:15:39 AM | COMMENTS(3)

Documents & Publications: 181 total


Events & Online Learning: 20 total

19 Aug 2013: ISACA International Event, San Francisco, CA, USA
14 Oct 2013: ISACA International Event, Boston, MA, USA
6 Nov 2013: ISACA International Event, Las Vegas, NV, USA
North America ISRM features relevant security and risk management topics presented by leading industry experts and practitioners.

Journal Articles: 500 total

Volume 5, 2014, by William Emmanuel Yu, Ph.D., CISM, CRISC, CISSP, CSSLP
As enterprises attempt to determine the best ways of handling today’s bring your own device (BYOD) trends, they also realize the potential for mobilizing their existing enterprise systems and applications.

Volume 5, 2014, by Giuliano Pozza
The discussion around bring your own device (BYOD) policies is often focused on topics such as the opportunity, risk and security implications of using personal devices and user apps in the business context.

Volume 5, 2014, by Steven J. Ross, CISA, CISSP, MBCP
“CERT,” in the context of information security, is a term with a long and noble pedigree.

Volume 5, 2014, by John Simiyu Masika, CISA, CISM
Leading change means putting in place systematic processes aimed at transforming the information security management and practices within the organisation.

Volume 5, 2014, by Ed Gelbstein, Ph.D.
There are three domains that impact information security.

Volume 5, 2014, by Thomas Borton, CISA, CISM, CRISC, CISSP
Get to know your network.

Wikis: 2 total

Blog Posts: 128 total

23 Oct 2014
Posted By : masarker | 4 comments
There is always a need to understand and practice the correct terminology for security assessment. Throughout your career, you may run into commercial grade companies and non-commercial organizations that are likely to misinterpret the term penetration t...
Posted By : Rungga | 1 comment
14 Oct 2014
For those new to PCI Compliance (either a new QSA or other interested party) I have put together a general PCI Compliance Wiki to quickly cover the basics of PCI Compliance. • PCI DSS Standards Overview • History of PCI DSS • Who has to...
Posted By : Stewart141 | 0 comments
and Become More Secure As a penetration tester I find it TOO EASY to fully compromise an internal network – without finding a single “vulnerability”! I spend most of my time on two types of engagements — PCI projects and penetration tests. The pe...
Posted By : Stewart141 | 0 comments
Kali Linux is a versatile operating system that comes with a number of security assessment and penetration testing tools. Deriving and practicing these tools without a proper framework can lead to unsuccessful testing and might produce unsatisfied resul...
Posted By : Rungga | 0 comments
7 Sep 2014
Nowadays, you don’t need to be an IT guru or the best software programmer to access/control other personal/organization data. If you follow the techniques below, you can easily get confidential information. 1. Masquerading 2. Tailgating (Piggyback) 3. Dum...
Posted By : Shaklain | 0 comments