Information Security Management

Welcome to the Information Security Management topic!

Collaborate, contribute, consume and create knowledge around topics such as cloud computing, application security, vulnerability management, PCI, and data protection.

This Topic Has:
1059 Members
0 Online
11058 Visits

Community Leader

Marc Vael

Title: Director Internal Audit & Risk Management

Badge: Influential

Ross Peachey

Badge: Energizer

ShanShan

Badge: Social

Simiyu

Badge: Influential

 

Discussions: 85 total

Last week, the popular password management software LastPass got hacked (see link for news detail: http://bits.blogs.nytimes.com/2015/06/15/lastpass-password-manager-acknowledges-breach/?_r=0). It will get hacked, just like any system out there these days...
ShanShan | 7/1/2015 4:57:52 AM | COMMENTS(4)
Hello guys, I've done a matrix example for SOC activities. I would share it with you for your advice/comments on improving it. For the moment, I use Dropbox for sharing, and contact information is in the document. Link: https://www.dropbox.com/...
Damien643 | 6/26/2015 8:06:33 PM | COMMENTS(5)
Hope you don't mind me posting in this group about this year's ISACA Ireland conference, which is focusing on placing business first. We would like this conference to be as successful as last year's, which was truly international with 24 speakers from 12 coun...
Neil_Curran | 6/17/2015 5:42:08 AM | COMMENTS(1)
IRS got hacked and 100,000 records were exposed. Not enough security control in place? What do you think about this case? http://www.nytimes.com/2015/05/27/business/breach-exposes-irs-tax-returns.html?hp&action=click&pgtype=Homepage&module=first-column-reg...
ShanShan | 6/3/2015 6:02:29 PM | COMMENTS(4)
Does anyone know of a CISM study group for the upcoming exam, or have any suggestions on what and how to study for the exam?
REGGIE554 | 5/28/2015 2:45:52 AM | COMMENTS(7)
Hello, I have posted a new topic discussion asking for advice on a general IS policy and AUP, with the draft version: http://www.isaca.org/Groups/Professional-English/information-security-policies-and-procedures/Pages/ViewDiscussion.aspx?PostID=124 if you a...
AHMED359 | 5/11/2015 9:44:07 AM | COMMENTS(2)

Documents & Publications: 197 total

Events & Online Learning: 15 total

19 Aug 2013
ISACA International Event
San Francisco, CA, USA
14 Oct 2013
ISACA International Event
Boston, MA, USA
6 Nov 2013
ISACA International Event
Las Vegas, NV, USA
North America ISRM features relevant security and risk management topics presented by leading industry experts and practitioners.
11 Aug 2014
ISACA International Event
Seattle, WA, USA

Journal Articles: 500 total

Volume 4, 2015
by Ganapathi Subramaniam
How should I go about establishing the security function and building a culture that is supportive to controls implementation?
Volume 4, 2015
by Steven J. Ross, CISA, CISSP, MBCP
The more I thought about nonmalicious system downtime, the more I became convinced that systems that fail are themselves insecure, regardless of the intent of the person responsible.
Volume 4, 2015
by Sivarama Subramanian, CISM, Varadarajan Vellore Gopal, CEH, and Marimuthu Muthusamy
The Internet of Things (IoT) is captivating organizations because of its potential to rapidly transform businesses and people’s lives.
Volume 4, 2015
by Dipti Patel, CISA, CISM, ISO 27001 LA, ITIL V3
Vendor risk management is the next step to elevate information security from a technical control process to an effective management process.
Volume 4, 2015
by Gilbert N. Sorebo and Michael C. Echols | Reviewed by Dino Ippoliti, CISA, CISM
The book provides an overview of the smart grid and addresses security concerns associated with it.
Volume 4, 2015
by Christos Dimitriadis, Ph.D., CISA, CISM, CRISC, ISO 20000 LA
Get to know your network.

Wikis: 2 total

Blog Posts: 108 total

During an audit you may find that shell scripts are used to connect to your Oracle database (these are often scheduled jobs). In many instances this represents a security risk as the Oracle database password is hardcoded into the script. This means th...
Posted By : Ian Cooke | 1 comment
As the forensics are progressing at Sony, they are coming to know that it was a spear phishing attack which turned successful for the hackers. Sony is not the only one that suffered damage due to a phishing attack; Target, as it appears, was hacked through phi...
Posted By : Abhishek Tripathi | 0 comments
According to a study conducted by ISACA and RSA Conference, 82 percent of organizations expect to be attacked in 2015, but they depend on professionals they consider underqualified and unable to handle complex threats or understand their bus...
Posted By : AlejandroAV | 0 comments
Last week a Pakistan-based hacker, alias MakMan, breached into the database of Gaana.com and made a bridge to their server for users to check whether their account is hacked or not; the hacker clearly declared that the intent of the hack is to show the vuln...
Posted By : Abhishek Tripathi | 0 comments
Lately I have been preoccupied with how to add value to the Audit function as against the more established assurance service Audit has been known for. I see the value in the consulting approach; this is a more pre-emptive approach, allowing the organizat...
Posted By : Clemmento | 0 comments
A single control or countermeasure is usually not enough to eliminate risk, which is why different controls are typically used to protect an asset. The process of establishing defenses in different layers is called defense in depth (also...
Posted By : AlejandroAV | 0 comments