
Information Security Management

Welcome to the Information Security Management topic!

Collaborate, contribute, consume and create knowledge around topics such as cloud computing, application security, vulnerability management, PCI, and data protection.

ISACA members can participate by clicking on the “Join this Community” button. You must be signed into the site. Set your alerts to be notified of new discussion activity within this community. Not an ISACA member? Join now!

This Topic Has:
1274 Members
0 Online
12604 Visits

Community Leader

Marc Vael (Title: Chief Audit Executive; Badge: Influential)

Ross Peachey (Badge: Energizer)


NEW! Activity Badges

Badges help others understand your level of community activity and your reputation as a contributor within the Knowledge Center.

Discussions: 110 total

Would anyone be kind enough to advise on how a Business Analyst can support a Cyber Security project, mainly looking at Data Loss Prevention through Email and Web Services Security? The key is how to gather security requirements, especially where an MSSP and SIEM ...
Abayomi786 | 7/23/2016 3:39:45 AM | COMMENTS(0)
What is best practice to trace Developers' Access to Production Environment for any given application? 
Jothirao | 7/21/2016 5:05:30 AM | COMMENTS(5)
Hello all, I am interested in the question of the best practice you know of for where IT security sits in the organizational structure. I would like to know your thoughts on this, and thank you in advance! -T.
Tomas Martinkenas | 7/11/2016 2:20:06 AM | COMMENTS(1)
Hi All, There's a lot of theory thrown around about ROSI. In theory it makes sense. But using these ideas seems problematic in practice. For one thing, ROSI relies on not one, but TWO risk estimates (current and residual). It's rare to see formal calculat...
Ross Peachey | 6/5/2016 7:11:49 AM | COMMENTS(0)
We all know change control starts from a request (whether it's a user request or business request), however recently in a discussion with auditors they are saying there should be a control in place to address the "authorization of the request"- let it be ...
ShanShan | 6/2/2016 11:53:51 AM | COMMENTS(2)
I need information about typical organizational structure of information security areas in commercial airlines. Thanks
rsabella24 | 5/29/2016 9:22:52 AM | COMMENTS(1)

Documents & Publications: 206 total


Events & Online Learning: 16 total

Journal Articles: 244 total

Volume 4, 2016
by Vincent Kha, CISM, GPEN, MCTS, OWSP
For many information systems auditors, reviewing domain accounts in an Active Directory (AD) environment is sufficient for testing controls around user authentication.
Volume 4, 2016
by Debbie Newman, CISA
Get to know your network.
Volume 4, 2016
by Mohammed J. Khan, CISA, CRISC, CIPM
It is imperative that IT auditors work with all teams within the organization responsible for the development of mobile apps—business, IT development, IT security, legal and compliance.
Volume 4, 2016
by Steven J. Ross, CISA, CISSP, MBCP
I can hear the rejoinder now: There is no need for a chief cyber officer because the chief information security officer (CISO) performs that function.
Volume 4, 2016
by Farbod Hosseyndoust Foomany, Ph.D., Ehsan Foroughi, CISM, CISSP, and Rohit Sethi
The article investigates security requirements of traditional remote code execution techniques in light of threat modeling results and expounds on the sections of security compliance regulations that stipulate those requirements.
Volume 3, 2016
While mobile devices have enhanced productivity, these devices compete for limited attention span and may make it more difficult to gain sufficient attention for security awareness.

Wikis: 2 total

Blog Posts: 142 total

After 1+ year's preparation, along with busy work and postponing the exam 3 times, I finally decided to go! Luckily, I passed after 5 hours 43 mins sitting, with just one small piece of bread and a little water in the middle. CISSP is not impossible!
Posted By : XIAOQI | 0 comments
Let us have positive inspirational slogans for every situation. Last week I started the project meeting like this: I didn't know you were all so good at tuning the website. The performance is now wonderful. I could witness reduction of stress, anxiety an...
Posted By : Jayakumar Sundaram | 1 comments
Yesterday’s security technology will not keep your network safe today, nor will today’s solutions protect you tomorrow. Network security must evolve. And at a rate that keeps it always one step ahead of the threats. These could include factors such as you...
Posted By : rasoolirfan | 1 comments
As most of you have already read, an actor known as "TheDarkOverLord" has supposedly penetrated at least 5 healthcare systems. The actor identifies one EMR vendor...
Posted By : Gary055 | 0 comments
According to a study conducted by ISACA and RSA Conference, 82 percent of organizations expect to be attacked in 2015, but depend on professionals they consider poorly qualified and unable to handle complex threats or understand their busi...
Posted By : AlejandroAV | 0 comments
A single control or countermeasure is usually not enough to eliminate the risk, which is why several different controls are typically used to protect an asset. The process of establishing defenses in different layers is called defense in depth (also...
Posted By : AlejandroAV | 0 comments