New U.S. Cybersecurity Framework Developed by NIST Features COBIT 5 in the Core.
ISACA and ENISA Meet to Discuss Cybersecurity
ENISA and ISACA hold joint Cybersecurity Workshop.
Additionally, ISACA and the IIA collaborated on a webinar on Cybersecurity.
ISACA is currently participating as a champion and supporter of European and US Cybersecurity Month in October and of the European kickoff event.
ISACA presented on the formal agenda of the kickoff of European Cybersecurity Month at the European Commission offices in Brussels. Additionally, ISACA has been an active participant in US government development workshops, where NIST led the creation of a cybersecurity framework for the US. NIST included an appendix to the cybersecurity framework that cross-references COBIT 5, and ISACA has contributed to this deliverable.
ISACA is also participating in the response to the UK government regarding its request for a standard or framework for dealing with cybersecurity challenges for small- and medium-sized organizations.
How Likely is an APT attack?
Learn what has changed from 2014 to 2015:
- 74% think they will be a target
- 94% believe they are at least somewhat familiar with APTs
- 28% have been subject to an attack
- 67% believe they are ready to respond
Advanced persistent threats (APTs) continue to enjoy the spotlight in the wake of their successful use to launch several high-profile data breaches. This, the fourth in a series of ISACA studies designed to uncover information security professionals’ understanding and opinions of APTs, technical controls, internal incidents, policy adherence and management support, reveals positive trends since the 2014 survey.
This book explains the nature of the security phenomenon known as the advanced persistent threat (APT). It also provides helpful advice on how to assess the risk of an APT to the organization and recommends practical measures that can be taken to prevent, detect and respond to such an attack. In addition, it highlights key differences between the controls needed to counter the risk of an APT attack and those commonly used to mitigate everyday information security risk.
The cost and frequency of cybersecurity incidents are on the rise. Is your enterprise keeping pace?
The numbers of threats, risk scenarios and vulnerabilities have grown exponentially. Cybersecurity has evolved as a new field of interest, gaining political and societal attention. Given this magnitude, the future tasks and responsibilities associated with cybersecurity will be essential to organizational survival and profitability.
A Breach WILL Eventually Occur! Is your enterprise prepared?
The threat environment has radically changed over the last decade. Most enterprises have not kept pace and lack the necessary fundamentals required to prepare and plan against cyberattacks.
This publication covers a few of the basic concepts that will help answer the key questions posed by a new outlook: that a breach WILL eventually occur.
Cybercrime is not a new phenomenon; however, its frequency and damage potential have increased significantly, and it often operates under the radar until it causes major fraud or serious organizational embarrassment. The impact on the business could be significant, exposing the enterprise to:
- Loss of private data
- Business disruption
- Financial risk
The objective of the audit/assurance review is to provide management with an independent assessment relating to the effectiveness of cybercrime prevention, detection and incident management processes, policies, procedures and governance activities.
Additional Information on Cybersecurity
ISACA and ENISA Meet to Discuss Cybersecurity
ISACA’s Ron Hale, Shannon Donahue, Tom Lamm, Christos Dimitriadis and Rolf von Roessing joined senior leaders of the European Union Agency for Network and Information Security (ENISA) in Athens, Greece, in January to discuss collaboration in the European Union on topics including cybersecurity, ICS/SCADA, cloud computing, and security and audit training.
The working meeting of the two groups follows on the collaboration to date, which includes working together on EU Cybersecurity Month and holding a joint workshop for regulators and ISPs on Article 13a (Incident Reporting and Security Measures), and sharing a number of articles and blog posts.
“This was a productive meeting that should help to continue a healthy partnership moving forward,” said Hale, acting CEO of ISACA. “Collaboration is key for promoting good practices and approaches, especially in cybersecurity, due to the borderless and dynamic nature of the threats,” added Dimitriadis, who is also a member of ENISA’s Permanent Stakeholders’ Group.