Cybersecurity Resources 

 

Welcome to the ISACA cybersecurity resource page, where all of ISACA's activity and knowledge related to cybersecurity can be found.

New U.S. Cybersecurity Framework Developed by NIST Features COBIT 5 in the Core.

ISACA and ENISA Meet to Discuss Cybersecurity

ENISA and ISACA hold joint Cybersecurity Workshop.

As a part of Cybersecurity month, ISACA sponsored the webinar, The State of Cybercrime.

Additionally, ISACA and the IIA collaborated on a webinar on Cybersecurity.

ISACA is currently participating as a champion and supporter of the European and US Cybersecurity month of October and the European kickoff event.

ISACA presented on the formal agenda of the kickoff of European Cybersecurity month at the European Commission offices in Brussels. Additionally, ISACA has been an active participant in US government development workshops, where NIST led the creation of a cybersecurity framework for the US. NIST included an appendix to the cybersecurity framework that cross-references COBIT 5, and ISACA has contributed to this deliverable.

ISACA is also participating in the response to the UK government regarding its request for a standard or framework for dealing with cybersecurity challenges for small- and medium-sized organizations.

 

Advanced Persistent Threats: How To Manage the Risk To Your Business

This book explains the nature of the security phenomenon known as the advanced persistent threat (APT). It also provides helpful advice on how to assess the risk of an APT to the organization and recommends practical measures that can be taken to prevent, detect and respond to such an attack. In addition, it highlights key differences between the controls needed to counter the risk of an APT attack and those commonly used to mitigate everyday information security risk.


Transforming Cybersecurity Using COBIT 5


The cost and frequency of cybersecurity incidents are on the rise. Is your enterprise keeping pace?

The numbers of threats, risk scenarios and vulnerabilities have grown exponentially. Cybersecurity has evolved as a new field of interest, gaining political and societal attention. Given this magnitude, the future tasks and responsibilities associated with cybersecurity will be essential to organizational survival and profitability.


Advanced Persistent Threat Awareness Study Results


Advanced Persistent Threats Are Real. Is your enterprise at risk?

Learn why, of those who were surveyed:

  • 93.6% feel APTs are a serious threat 
  • 63% think it is only a matter of time 
  • 79% feel this is the largest gap in APT prevention 
  • 1 in 5 have experienced an APT attack 


Responding to Targeted Cyberattacks


A Breach WILL Eventually Occur! Is your enterprise prepared?

The threat environment has radically changed over the last decade. Most enterprises have not kept pace and lack the necessary fundamentals required to prepare and plan against cyberattacks.

This publication covers a few of the basic concepts that will help answer the key questions posed by a new outlook: that a breach WILL eventually occur.


Cybercrime Audit/Assurance Program

Cybercrime is not a new phenomenon; however, its frequency and damage potential have increased significantly, with attacks often operating under the radar until they cause major fraud or serious organizational embarrassment. The impact on the business could be significant, exposing the enterprise to:

  • Loss of private data
  • Business disruption
  • Financial risk

The objective of the audit/assurance review is to provide management with an independent assessment relating to the effectiveness of cybercrime prevention, detection and incident management processes, policies, procedures and governance activities.


ISACA and ENISA Meet to Discuss Cybersecurity

ISACA’s Ron Hale, Shannon Donahue, Tom Lamm, Christos Dimitriadis and Rolf von Roessing joined senior leaders of the European Union Agency for Network and Information Security (ENISA) in Athens, Greece, in January to discuss collaboration in the European Union on topics including cybersecurity, ICS/SCADA, cloud computing, and security and audit training.

The working meeting of the two groups follows on the collaboration to date, which includes working together on EU Cybersecurity Month, holding a joint workshop for regulators and ISPs on Article 13a (Incident Reporting and Security Measures), and sharing a number of articles and blog posts.

“This was a productive meeting that should help to continue a healthy partnership moving forward,” said Hale, acting CEO of ISACA. “Collaboration is key for promoting good practices and approaches, especially in cybersecurity, due to the borderless and dynamic nature of the threats,” added Dimitriadis, who is also a member of ENISA’s Permanent Stakeholders’ Group.