Story image

ISACA provides cyber governance roadmap for enterprise security

17 Jan 17

ISACA has given professionals and enterprises a roadmap and direction for the areas of cyber governance, with the launch of its new audit program that is based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework.

The new audit program provides assessments of organisations’ security practices, including the ‘identify, protect, detect, respond and recover’ processes. It also helps organisations with asset management, awareness training, data security, resource planning, recovery planning and communications.

“This audit program based on the NIST framework offers detailed guidance that can provide enterprise leaders confidence in the effectiveness of their organisation’s cyber security governance, processes and controls,” says Christos Dimitriadis, chair of ISACA’s Board of Directors and group director of Information Security for Intralot.

ISACA says the program is in an Excel spreadsheet, which addresses primary security and control issues.

The issues include protection of sensitive data and intellectual property, protection of networks that connect multiple resources, and responsibility and accountability for devices and the information within.

The recover section includes testing steps to help organisations implement recover planning for timely restoration of assets and systems after security incidents, ISACA says.

The ISACA audit program is free to ISACA members and available for purchase to non-members.

ISACA runs 14 audit/assurance programs that have been developed and reviewed by professionals worldwide.

Oracle Java Card update boosts security for IoT devices
"Java Card 3.1 is very significant to the Internet of Things, bringing interoperability, security and flexibility to a fast-growing market currently lacking high-security and flexible edge security solutions."
Sophos hires ex-McAfee SVP Gavin Struther
After 16 years as the APAC senior vice president and president for McAfee, Struthers is now heading the APJ arm of Sophos.
Security platform provider Deep Instinct expands local presence
The company has made two A/NZ specific leadership hires and formed several partnerships with organisations in the region.
Half of companies unable to detect IoT device breaches
A Gemalto study also shows that the of blockchain technology to help secure IoT data, services and devices has doubled in a year.
Stepping up to sell security services in A/NZ
WatchGuard Technologies A/NZ regional director gives his top tips on how to make a move into the increasingly lucrative cybersecurity services market.
Huawei founder publically denies spying allegations
“After all the evidence is made public, we will rely on the justice system.”
Malware downloader on the rise in Check Point’s latest Threat Index
Organisations continue to be targeted by cryptominers, despite an overall drop in value across all cryptocurrencies in 2018.
IoT breaches: Nearly half of businesses still can’t detect them
The Internet of Thing’s (IoT’s) rapid rise to prominence may have compromised its security, if a new report from Gemalto is anything to go by.