Press Release: October 22, 2008
Rolling Meadows, IL, USA (22 October 2008)—To help companies bridge the divide between information security and business objectives, ISACA has entered a license agreement with the University of Southern California’s Marshall School of Business to develop a business model for information security.The model will be based on the Systemic Security Management framework developed by the Institute for Critical Information Infrastructure Protection (ICIIP), which was formed by the Marshall School of Business.
“The Systemic Security Management framework recognizes that security is not just a technology problem,” said Charles P. Meister, executive director of the ICIIP. “Traditionally, frameworks for looking at security have considered people (employees), process (controls that are in place to ensure security) and technology. This model is unique in that it adds the concepts of an organization’s design and strategy.”
ISACA, a nonprofit association that serves more than 86,000 IT security, assurance and governance professionals, will transform the theoretical model into a practical tool that can be used by information security practitioners to unify security initiatives with the business mission. Called the Business Model for Information Security Management, the model will apply internationally, across different cultures and regulatory environments, and will be suitable for all types of enterprises, including for-profit and nonprofit organizations and governmental bodies.
“We have high expectations for the agreement with the Marshall School of Business,” said Kent Anderson, member of ISACA’s Security Management Committee. “The Systemic Security Management model is a valuable approach to making the link between security activities and business priorities more transparent. ISACA looks forward to creating practical materials based on the model that will be useful to information security managers and information systems auditors around the world.”
For more information:
Visit USC Marshall School of Management ICIPP =>
Institute for Critical Information Infrastructure Protection Develops Systemic Security Management Model. White paper by Laree Kiely and Terry Benzel.