Guidance at all Levels of the IT Security Management Development Process

Security as Highest Priority in Data Centre Planning Survey

(19.03.10) - Research just published claims to show that power, price and security are the three main drivers when it comes to companies reviewing their data centre requirements. And, says a leader from ISACA, the not-for-profit information security association, the good news is that 28 per cent of the 100 major corporate respondents said security was highest on their priority lists, followed by 26 and 16 per cent when it comes to price and power.

"This is excellent news and indicates that the message that security is a key factor when planning major IT system deployments is getting through to managers outside the IT discipline," said Rolf von Roessing, CISA, CISM, CGEIT, international vice president of ISACA. "With our global membership now approaching 90,000, our team of professionals has been working hard to ensure that managers in all business sectors understand the need for effective but sufficient information security budgets in any organisation," he said.

According to von Roessing, the just-published Telehouse survey proves that managers now understand they cannot offer the best levels of IT service - which is essential in these economically stringent times - without balancing the price/security risk/reward issue.

It's also good to see that 16 per cent of managers responding to the survey include data resilience in their 'hit list' of priorities when understanding IT strategy planning, he said.

Von Roessing explained that, with the information security profession now well into its third decade, there is a definite need for a professional approach in all aspects of security. "ISACA offers its members guidance at all levels of the IT security management development process, both by peer discussion at its meetings and conferences, as well as a large number of papers and discussion documents," said von Roessing.

Last year, for example, ISACA published its Risk IT framework, which is based on the associations' COBIT framework and best practice guidance, and is available as a free download. The Risk IT framework, says von Roessing, was developed after 18 months of rigorous work by an international task force with members from five countries.

Later this year, ISACA will be publishing the Business Model for Information Security. An introductory guide is currently available as a free download..

"Managing IT security in any organisation has come a long way since the IT fire fighting days of the 1980s and 1990s," said von Roessing. "Today's IT governance professional needs a strong and disciplined approach, and ISACA can provide its memberships with the tools that are required to achieve - and maintain - high levels of excellence in our profession," he added. (ISACA: ma)