Information Security Management

Welcome to the Information Security Management topic!

Collaborate, contribute, consume and create knowledge around topics such as cloud computing, application security, vulnerability management, PCI, and data protection.


Community Leader

Marc Vael

Title: Chief Audit Executive


Discussions: 111 total

Dear colleagues, In my company we experience serious difficulties with assigning ownership of the business systems to the people from the business. According to ISO27001, the Asset Owner should be responsible for information classification, controlling t...
Lilia Georgieva | 8/31/2016 11:35:29 AM | COMMENTS(3)
ISACA recently awarded the 30,000th CISM certification. Since its introduction in 2002, the CISM credential has become recognized and adopted worldwide as a symbol of excellence for information security professionals. Why did you decide to pursue the CISM...
Marc Vael | 8/29/2016 4:57:13 AM | COMMENTS(5)
Would anyone be kind enough to advise on how a Business Analyst can support a Cyber Security project mainly looking at Data Loss Prevention through Email and Web Services Security? The key is how to gather security requirements especially where an MSSP and SIEM ...
Abayomi786 | 7/23/2016 3:39:45 AM | COMMENTS(0)
What is best practice to trace Developers' Access to Production Environment for any given application? 
Jothirao | 7/21/2016 5:05:30 AM | COMMENTS(5)
Hello all, I am interested in the question of your known best practice for the place of IT security in the organizational structure. I would like to know your thoughts regarding this, and thank you in advance! -T.
Tomas Martinkenas | 7/11/2016 2:20:06 AM | COMMENTS(1)
Hi All, There's a lot of theory thrown around about ROSI. In theory it makes sense. But using these ideas seems problematic in practice. For one thing, ROSI relies on not one, but TWO risk estimates (current and residual). It's rare to see formal calculat...
Ross Peachey | 6/5/2016 7:11:49 AM | COMMENTS(0)

Documents & Publications: 206 total


Events & Online Learning: 16 total

Journal Articles: 251 total

Volume 5, 2016
by Karina Korpela, CISA, CISM, CRISC, CISSP, PMP, and Paul Weatherhead, CISSP
Once approval to perform an information security audit and, most likely, a penetration test (pen-test) of an organization’s networks and systems has been obtained, then what?
Volume 5, 2016
by Steven J. Ross, CISA, CISSP, MBCP
Still having a base in IS/IT auditing, ISACA now encompasses consultants, educators, IS security professionals, risk professionals, chief information officers and internal auditors.
Volume 5, 2016
Get to know your network.
Volume 5, 2016
by Stefan Beissel, Ph.D., CISA, CISSP, PMP
As companies become more reliant on modern technology, they also have to face more vulnerabilities that must be handled efficiently.
Volume 5, 2016
by Tom Pendergast, Ph.D.
Despite a wealth of preventive measures, employees remain one of the costliest vectors in a number of data breaches and security incidents, which are increasing at an alarming rate.
Volume 5, 2016
by John W. Lainhart IV, CISA, CISM, CGEIT, CRISC, CIPP/G, CIPP/US, Zhiwei Fu, Ph.D., CISA, CGEIT, CRISC, CFE, CISSP, ITIL, PMP and Christopher M. Ballister, CISM, CGEIT, CRISC
Organizations need to move toward a more holistic and proactive approach to addressing security threats and managing compliance requirements in today’s information-driven economy.

Wikis: 2 total

Blog Posts: 146 total

I believe the evolution of Social Media is the biggest game changer of the internet after email. Having a platform to connect with people thousands of miles apart or becoming a “contra personality” to what I really am, has given people a taste of what bor...
Posted By : Saibal Dasgupta | 0 comments
It is a boundary. Digital trend. Board is responsible for failures. The right board is necessary. Changing culture is via channel the energy to do things differently. Stay connected to the people on the ground. Focus on looking forward. Do not demonise t...
Posted By : Swee908 | 0 comments
Posted By : Dr. Stephanie Carter | 0 comments
27 Jul 2016
Hi everyone - I hope you can help me with my questions: I passed my CISA exam last October. With my work experience combined with my educational background, I am able to save 3 years from the requirement to get my CISA designation, but I am lac...
Posted By : Lan234 | 0 comments
After 1+ year's preparation, along with busy work and having postponed the exam 3 times, I finally decided to go! Luckily, I passed after 5 hours 43 mins sitting, with just one small bread and little water in the middle. CISSP is not impossible!
Posted By : XIAOQI | 0 comments
Let us have positive inspirational slogans for every situation. Last week I started the project meeting like this: I don't know you are all so good at tuning the website. The performance now is wonderful. I could witness reduction of stress, anxiety an...
Posted By : Jayakumar Sundaram | 1 comments