Information Security Management

Welcome to the Information Security Management topic!

Collaborate, contribute, consume and create knowledge around topics such as cloud computing, application security, vulnerability management, PCI, and data protection.

This Topic Has:
1283 Members
0 Online
12705 Visits

Community Leader

Marc Vael

Title: Chief Audit Executive

Badge: Influential

Ross Peachey

Badge: Energizer

ShanShan

Badge: Social

Simiyu

Badge: Influential

 

Discussions: 110 total

Would anyone be kind enough to advise on how a Business Analyst can support a Cyber Security project mainly looking at Data Loss Prevention through Email and Web Services Security? The key is how to gather security requirements especially where an MSSP and SIEM ...
Abayomi786 | 7/23/2016 3:39:45 AM | COMMENTS(0)
What is best practice to trace Developers' Access to Production Environment for any given application? 
Jothirao | 7/21/2016 5:05:30 AM | COMMENTS(5)
Hello all, I am interested in the question of your known best practice for the place of IT security in the organizational structure. I would like to know your thoughts regarding this, and thank you in advance! -T.
Tomas Martinkenas | 7/11/2016 2:20:06 AM | COMMENTS(1)
Hi All, There's a lot of theory thrown around about ROSI. In theory it makes sense. But using these ideas seems problematic in practice. For one thing, ROSI relies on not one, but TWO risk estimates (current and residual). It's rare to see formal calculat...
Ross Peachey | 6/5/2016 7:11:49 AM | COMMENTS(0)
We all know change control starts from a request (whether it's a user request or business request), however recently in a discussion with auditors they are saying there should be a control in place to address the "authorization of the request"- let it be ...
ShanShan | 6/2/2016 11:53:51 AM | COMMENTS(2)
I need information about typical organizational structure of information security areas in commercial airlines. Thanks
rsabella24 | 5/29/2016 9:22:52 AM | COMMENTS(1)

Documents & Publications: 206 total

Books
Posted by ISACA 103 days ago
Books
Posted by ISACA 173 days ago
Books
Posted by ISACA 218 days ago

Events & Online Learning: 16 total

Journal Articles: 245 total

Volume 4, 2016
by Vincent Kha, CISM, GPEN, MCTS, OWSP
For many information systems auditors, reviewing domain accounts in an Active Directory (AD) environment is sufficient for testing controls around user authentication.
Volume 4, 2016
by Daniel Schatz, CISM, CCSK, CISSP, CSyP, CVSE, ISO 27001 LA/LI, MCITP-EA
The topic of information security has evolved to one of the top concerns among policymakers and corporations. Leaders demand answers from their support structures as to how such risk can be effectively managed.
Volume 4, 2016
by ISACA | Reviewed by Larry Marks, CISA, CISM, CGEIT, CRISC, CFE, CISSP, CSTE, ITIL, PMP
Securing Mobile Devices emphasizes the importance of collaboration among business, IT, security, legal and compliance to ensure that controls are properly designed and implemented.
Volume 4, 2016
by Debbie Newman, CISA
Get to know your network.
Volume 4, 2016
by Mohammed J. Khan, CISA, CRISC, CIPM
It is imperative that IT auditors work with all teams within the organization responsible for the development of mobile apps—business, IT development, IT security, legal and compliance.
Volume 4, 2016
by Steven J. Ross, CISA, CISSP, MBCP
I can hear the rejoinder now: There is no need for a chief cyber officer because the chief information security officer (CISO) performs that function.

Wikis: 2 total

Blog Posts: 146 total

I believe the evolution of Social Media is the biggest game changer of the internet after email. Having a platform to connect with people thousands of miles apart or becoming a “contra personality” to what I really am, has given people a taste of what bor...
Posted By : Saibal Dasgupta | 0 comments
It is a boundary. Digital trend. Board is responsible for failures. The right board is necessary. Changing culture is via channel the energy to do things differently. Stay connected to the people on the ground. Focus on looking forward. Do not demonise t...
Posted By : Swee908 | 0 comments
Posted By : Dr. Stephanie Carter | 0 comments
27 Jul 2016
Hi everyone - I hope you can help me with my questions: I passed my CISA exam last October. With my work experience combined with my educational background, I am able to save 3 years from the requirement to get my CISA designation, but I am lac...
Posted By : Lan234 | 0 comments
After 1+ year's preparation, along with busy work and having postponed the exam 3 times, I finally decided to go! Luckily, I passed after sitting for 5 hours 43 mins, with just one small bread and a little water in the middle. CISSP is not impossible!
Posted By : XIAOQI | 0 comments
Let us have positive inspirational slogans for every situation. Last week I started the project meeting like this: I don't know you are all so good at tuning the website. The performance is now wonderful. I could witness reduction of stress, anxiety an...
Posted By : Jayakumar Sundaram | 1 comments