
New COBIT 5 Guide Identifies Top Three Cybersecurity Game Changers

Wednesday, June 19, 2013 9:05 AM


Cybercrime is on the rise, but will grow even faster if organizations ignore an emerging group of cybersecurity game changers: always-on connectivity, an increasingly IT-centric society, and a new class system that separates people by technology skills. ISACA’s latest guide, Transforming Cybersecurity Using COBIT 5, examines the impact of these game changers and how to manage and transform security by using COBIT 5, a business framework for the governance and management of enterprise information and technology. Along with publication of the guide, IT association ISACA also announced today the formation of a global cybersecurity task force.

The three game changers named in the guide provide both motive and opportunity for cybersecurity breaches and criminal activities—especially the advanced persistent threat (APT)—if ignored:

  • Always-on connectivity, which increases the window of opportunity for attack
  • IT-centric business and society, which increases the number of business processes that can be targeted
  • New class system by technology skills, which increases the role of human error in enabling cybercrime

“In just the past three years, the number of threats and vulnerabilities has grown almost exponentially. By using COBIT 5, security professionals have a systematic approach for overcoming some of their biggest internal barriers—especially inadequate budget and lack of senior management support,” said Rolf von Roessing, CISA, CISM, CGEIT, CISSP, FBCI, lead developer of the guide and president of FORFA AG.

This latest addition to ISACA’s cybersecurity series is designed for information security managers, corporate security managers, end users, service providers, IT administrators and IT auditors. It includes guidance on using the COBIT 5 framework to integrate cybersecurity with an overall approach to security governance, risk management and compliance, as well as eight principles for transforming security.

“The enormous opportunities inherent with cloud, mobility, social networking and big data also create significant security risks, and most organizations are ill-prepared to respond effectively. If we want to defend ourselves from sophisticated and targeted cyberattacks, it’s time to shift the industry’s thinking from a focus on compliance and perimeter security to a more proactive posture that is all about protecting the crown jewels,” said Eddie Schwartz, CISA, CISM, chair of ISACA’s Cybersecurity Task Force and chief information security officer (CISO) at RSA, The Security Division of EMC.

A recent ISACA cybersecurity survey of more than 1,500 security professionals worldwide found that 94 percent of respondents believe that the APT represents a credible threat to national security and economic stability. Top risks were seen as loss of enterprise intellectual property (26 percent), loss of customer or employee personally identifiable information (24 percent) and damage to corporate reputation (21 percent).

ISACA Global Cybersecurity Task Force

As part of its ongoing commitment to helping business and IT leaders maximize value and manage risk related to information and technology, ISACA also announced the formation of a cybersecurity task force to drive research, guidance and advocacy. Eight information security professionals from locations around the world were named to the Cybersecurity Task Force:

  • Eddie Schwartz, CISO at RSA, The Security Division of EMC (USA) (chair)
  • Brent Conran, Chief Security Officer, McAfee (USA)
  • Marcus Sachs, Vice President for National Security Policy, Verizon (USA)
  • Neil Barlow, Head of Information Security Governance, Risk & Compliance (GRC), Euronext, NYSE (UK)
  • Samuel Linares, Director and Founder, Industrial Cybersecurity Center (Spain)
  • John Lyons, Chief Executive, International Cyber Security Protection Alliance (UK)
  • Manuel Aceves, Director General, Cerberian Consulting (Mexico)
  • Derek Grocke, Security & Infrastructure Manager, Internode (Australia)

Transforming Cybersecurity Using COBIT 5 is the third installment in a cybersecurity series from ISACA, a global association of 110,000 information security, assurance, risk and governance professionals. The first two installments, Advanced Persistent Threat Awareness Study Results and Responding to Targeted Cyberattacks, are available at www.isaca.org/cyber.

The guide is available at no charge to members of ISACA; nonmembers can purchase a print or electronic version at www.isaca.org/cybersecurity-cobit.

ISACA will address cybersecurity issues at its Information Security and Risk Management Conference in Las Vegas, held 6-8 November 2013.


With 110,000 constituents in 180 countries, ISACA® (www.isaca.org) helps business and IT leaders maximize value and manage risk related to information and technology. Founded in 1969, the nonprofit, independent ISACA is an advocate for professionals involved in information security, assurance, risk management and governance. These professionals rely on ISACA as the trusted source for information and technology knowledge, community, standards and certification. The association advances and validates business-critical knowledge through the CISA, CISM, CGEIT and CRISC credentials. ISACA also developed COBIT®, a business framework that helps enterprises in all industries and geographies govern and manage their information and technology.

Follow ISACA on Twitter: https://twitter.com/ISACANews

(Source: Business Wire)
(Source: Quotemedia)

