
Information Security Management

Welcome to the Information Security Management topic!

Collaborate, contribute, consume and create knowledge around topics such as cloud computing, application security, vulnerability management, PCI, and data protection.

ISACA members can participate by clicking on the “Join this Community” button. You must be signed into the site. Set your alerts to be notified of new discussion activity within this community. Not an ISACA member? Join now!

This topic has: 1250 members, 3 online, 12393 visits.

Community Leaders

Marc Vael
Title: Chief Audit Executive
Badge: Influential

Ross Peachey
Badge: Energizer

Discussions: 105 total

what is the ideal job description for Head of information security
Tarek EL-Sherif | 5/22/2016 6:40:22 AM | COMMENTS(3)
What is the ideal job description for Head of Information Security to set up a new infosec team in a bank? I need the job description to submit it to the HR dept. to determine the job weight and set a suitable corporate title for this position.
Tarek EL-Sherif | 5/22/2016 5:50:52 AM | COMMENTS(0)
Auditor: "Please show me your CIs for the end-to-end service chain for application XXX (from application to physical tin in the data centre)."  Response: "No, we can't do that, it's physically impossible."  Are we so caught up in automated solutions and p...
Phil Green | 5/5/2016 3:37:24 AM | COMMENTS(0)
We all know change control starts from a request (whether it's a user request or business request), however recently in a discussion with auditors they are saying there should be a control in place to address the "authorization of the request"- let it be ...
ShanShan | 5/3/2016 1:55:51 PM | COMMENTS(0)
I am looking for template or any advice from you regarding IT control KPI if functions are distributed on the basis of ISO 27002. Thank you in advance!
Tomas Martinkenas | 4/26/2016 7:17:53 AM | COMMENTS(0)
ISO 27001 internal audits can be a strain on resources, especially if, as Information Security Manager, you are responsible for creating the schedules and scopes aligned to the standard. So how do you maintain integrity and impartiality when your organisation do...
Len Shingler | 4/11/2016 7:23:26 AM | COMMENTS(1)

Documents & Publications: 206 total


Events & Online Learning: 14 total

Journal Articles: 238 total

Volume 3, 2016
by Devassy Jose Tharakan, CISA, ISO 27001 LA, ITIL, PMP
Organizations that do not position their information security group (ISG) strategically within the organization’s structure often fail to receive the desired benefits.
Volume 3, 2016
Get to know your network.
Volume 3, 2016
by Steven J. Ross, CISA, CISSP, MBCP
Targeted attacks by powerful enemies are forcing us to reconsider almost everything we thought we knew about protecting information resources.
Volume 3, 2016
by Aleksandr Kuznetcov, CISM
This article addresses an existing imbalance between technical issues and process aspects related to SIEM.
Volume 2, 2016
by Jeroen van Lewe, CISA, CEH, CIA, ECSA
In the Netherlands, large-scale cyberattacks on government web sites began in 2011. In 2012, the Dutch government decided to use IT audits as one of the remedies for this issue.
Volume 2, 2016
by Shubhamangala B. R. and Snehanshu Saha, Ph.D.
Why are breaches continuing despite deploying cutting-edge solutions supported by compliance to thwart the attacks?

Wikis: 2 total

Blog Posts: 132 total

Lately I have received a number of questions and concerns around NIST 800-171, so I wanted to write a quick brief on what you need to know. What is NIST 800-171? This is a special publication released by the National Institute of Standards and Technology (NI...
Posted By : Justin238 | 0 comments
And so to begin. Let's look at taxonomy: the names and definitions of things that will guide us in our time together. Since this is a blog about Privacy, let's start the definitions there. According to Merriam-Webster, Privacy is a noun that means "The ...
Posted By : HPMahan | 0 comments
1. Objective and Convergence of BYOD. According to the PCWorld definition, BYOD (also called bring your own technology (BYOT), bring your own phone (BYOP), and bring your own PC (BYOPC)) refers to the policy of permitting employees to bring personally owned mo...
Posted By : Navid Baradaran | 0 comments
Disclaimer: This only represents my experience, views and opinion. Introduction: Information Security Managers oversee information security programs, which include network security, in organisations or business enterprises. With documented knowledge ab...
Posted By : Prince143 | 0 comments
I must be honest and say that up until the day I saw the advert inviting applications for trainee IT Analyst positions in one of the members of the Big-4 that operate in Swaziland, I had no clue about the exciting world of assurance in IT. I had always vi...
Posted By : Tipho217 | 0 comments
If life were a comic book, I would be the Villain ‘Two-Face’. My career as a Privacy and Information Security professional brings me into a constant battle between my role as an advocate for keeping information secret and a defender of Security. The str...
Posted By : HPMahan | 0 comments