sb-nz logo
Story image

ISACA provides cyber governance roadmap for enterprise security

17 Jan 2017

ISACA has given professionals and enterprises a roadmap and direction for the areas of cyber governance, with the launch of its new audit program that is based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework.

The new audit program provides assessments of organisations’ security practices, including the ‘identify, protect, detect, respond and recover’ processes. It also helps organisations with asset management, awareness training, data security, resource planning, recovery planning and communications.

“This audit program based on the NIST framework offers detailed guidance that can provide enterprise leaders confidence in the effectiveness of their organisation’s cyber security governance, processes and controls,” says Christos Dimitriadis, chair of ISACA’s Board of Directors and group director of Information Security for Intralot.

ISACA says the program is in an Excel spreadsheet, which addresses primary security and control issues.

The issues include protection of sensitive data and intellectual property, protection of networks that connect multiple resources, and responsibility and accountability for devices and the information within.

The recover section includes testing steps to help organisations implement recover planning for timely restoration of assets and systems after security incidents, ISACA says.

The ISACA audit program is free to ISACA members and available for purchase to non-members.

ISACA runs 14 audit/assurance programs that have been developed and reviewed by professionals worldwide.

Story image
Check Point exposes Android malware vendor using dark net to rebrand products
Check Point security researchers have exposed an Android malware vendor using a marketer on the dark net to rebrand its products, with the intention of supercharging business and throwing off security vendors. More
Story image
Top security threats for 2021
2021 will see several themes develop into full blown security threats, many of them borne from the struggles of pandemic-stricken 2020, writes Wontok head of technology Mick Esber.More
Story image
Hornetsecurity acquires Altaro, the latest in acquisition spree
The move is a culmination of a medley of acquisitions made by Hornetsecurity recently, following the January 2019 acquisition of Spamina, a Spanish cloud email security company, as well as EveryCloud, its British market partner, in early 2020.More
Story image
IT professionals destroying end-of-life hardware over fears of data breaches - report
IT directors are destroying end of life tech hardware as opposed to erasing its data out of fear of making a mistake and facing data breaches.More
Story image
A brief history of cyber-threats — from 2000 to 2020
Many significant cybersecurity events have occurred since the year 2000 — not every one of them ‘firsts’, but all of them correlating with a change in security behaviour or protection.More
Story image
Sophos named a Numbering Authority in CVE programme
The programme, which runs an open data registry of vulnerabilities, enables programme stakeholders to correlate vulnerability information used to protect systems against attacks. More