Section: World-wide News/Products & News

Guidance from IT Governance Institute Offers a Holistic Approach to Information Security

Guidance for Information Security Managers Outlines Key Security Tasks

(27.06.08) - To help information security professionals who are facing growing pressure
to cut costs, reduce IT-related risks, and comply with new and existing laws
and regulations, the IT Governance Institute (ITGI) has released new guidance
featuring a holistic approach to information security governance.

Developed and reviewed by a team of international information security experts,
Information Security Governance: Guidance for Information Security Managers
outlines key security tasks for the following areas:

· Strategic alignment - Cost-effectiveness of the security program, tied to how well the organization’s objectives are supported
· Risk management - The ultimate objective of all information security activities and organizational assurance efforts
· Value delivery - A function of the strategic alignment of security strategy and business objectives
· Performance measurement - Measuring, monitoring and reporting on information security processes
· Resource management - Processes to plan, allocate and control information security resources, including people, processes and technologies for improving the efficiency and effectiveness of business solutions
· Process assurance - Integration of disparate assurance functions to ensure that processes operate as intended from end to end, minimizing hidden risks

For each key task, the publication provides indicators that the tasks
are being performed correctly. It also includes actions that boards and
executive management can take to ensure effective governance over information
security.

"As with any other business-critical activity, information security program
activities must be thoroughly planned, effectively executed and constantly
monitored at the highest levels of the organization," said Krag Brotby, CISM, member of
the ISACA CISM Test Enhancement Committee and author of the ITGI publication.
"Failure to do so can cause significant financial losses or reputational damage—as many companies have learned the
hard way. Information security is truly one of those areas in which
preparation is infinitely more valuable than remediation."

Information Security Governance: Guidance for Information Security Managers is available from the ISACA Bookstore at www.isaca.org/bookstore. It is a companion publication to Information Security Governance: Guidance for Boards of Directors and Executive Management, 2nd Edition.