Information Security Management

Welcome to the Information Security Management topic!

Collaborate, contribute, consume and create knowledge around topics such as cloud computing, application security, vulnerability management, PCI, and data protection.

This Topic Has:
870 Members
0 Online
9580 Visits

 Recent Discussions

Why is so difficult train the management about... Posted by Cristina Ledesma.
Applying BMIS in practice. Posted by Marc Vael.
Applying military strategy to IT problems. Posted by Simiyu.

Community Leader

Farooq Wahab Naiyer
Marc Vael
Ross Peachey


Title: IS Audits Manager

Discussions: 58 total

In my experience it is not so easy to convince management about the importance of working towards a certification process in security; they do not yet perceive it as a value add or a competitive advantage. If any of you has arguments that work for you plea...
Cristina Ledesma | 5/27/2014 5:04:03 AM | COMMENTS(8)
BMIS promotes a systems thinking dynamic approach which can solve the balance question between pragmatic solutions and dogmatic behaviour on information & IT security alike. So here is my question to you: is this systems thinking valid for information secur...
Marc Vael | 5/26/2014 10:01:36 AM | COMMENTS(4)
It is well known that strategic management borrows heavily from military science. How far do you agree with the below article?
Simiyu | 4/8/2014 9:22:49 AM | COMMENTS(6)
The idea is to analyze this topic by its different components: information, people and legal consequences. My first concern is how to deal with it in an effective way if, in my opinion, the worst vulnerability is in people who can be of very different cultur...
Cristina Ledesma | 4/3/2014 4:46:40 PM | COMMENTS(5)
What suggestions do you have for increasing awareness without resulting in "training" fatigue?  Our goal is to have annual formal awareness training but although well received it has been only moderately successful.  We still have folks falling prey to te...
LJC | 2/24/2014 1:08:05 AM | COMMENTS(4)
I want to know what techniques/methodologies are used to implement governance in IS; I mean, for instance, objectives, metrics, balanced scorecard, etc.
Cristina Ledesma | 2/3/2014 5:29:42 AM | COMMENTS(1)

Documents & Publications: 187 total

Events & Online Learning: 16 total

19 Aug 2013
ISACA International Event
San Francisco, CA, USA
14 Oct 2013
ISACA International Event
Boston, MA, USA
6 Nov 2013
ISACA International Event
Las Vegas, NV, USA
North America ISRM features relevant security and risk management topics presented by leading industry experts and practitioners.

Journal Articles: 500 total

Volume 4, 2014
by Robert E Stroud, CGEIT, CRISC
Get to know your network.
Volume 4, 2014
by Steven J. Ross, CISA, CISSP, MBCP
The time has come to accept that cyberattacks are a global reality—malicious forces in the world have gone beyond vandalism toward institutionalized espionage, sabotage and crime.
Volume 4, 2014
by Viktor Polic, Ph.D., CISA, CRISC, CISSP
Information security vendors have recognized the need to optimize the process of managing ethical hacking projects with the goal to reduce their costs.
Volume 3, 2014
by Paul John Steinbart, Robyn Raschke, Graham Gal and William N. Dilla, Ph.D., CPA
The internal audit and information security functions can synergistically work together to optimize the overall effectiveness of information security.
Volume 3, 2014
by Steven J. Ross, CISA, CISSP, MBCP
The issue is no longer whether cyberattacks occur, but what to do about them.
Volume 3, 2014
by Benjamin Power, CISA, CPA
It is critical that IS audit and control professionals know how to write a good risk statement that is impactful and aligned to better practice.

Wikis: 2 total

Blog Posts: 119 total

Hi everyone!  I've drawn a big picture based on the information of the COBIT 5 Process as well as the ISO Standards and ITIL, to present and share it with other colleagues and for further discussions.  Well, I hope that Model will be useful, bec...
Posted By : Dirk445 | 9 comments
19 Jun 2014
Posted By : masarker | 2 comments
As an IT-security specialist I read a lot of standards, guides, frameworks and drafts on all matters of information security. When the EU Data Protection Regulation draft was first published in January 2012, I was eager to see what visions the EU h...
Posted By : Gaffri | 0 comments
In business, information security is the most important factor of operations stability. It prevents data loss and ensures that a company's data, classified or not, remains intact. Security officers should establish company policies, procedures, etc. in orde...
Posted By : Constantinos297 | 0 comments
22 Mar 2014
SGSI Risk Management in LATAM-Argentina
Posted By : GMB_Gustavo Blanco | 0 comments
19 Mar 2014
At a recent IT event a show of hands was used to provide the backdrop for how change is a consistently evolving event. How many of you believe that the number one enterprise Network security Threat is external Hacking? Fifty percent of the room. Ok, how man...
Posted By : Jamie L Yancy | 0 comments