Top Three Cybersecurity Game Changers
ISACA Forms Cybersecurity Task Force Featuring Leading Industry CSOs
Auckland, New Zealand, (20 June 2013)—Cybercrime is on the rise, but will grow even faster if organisations ignore an emerging group of cybersecurity game
changers: always-on connectivity, an increasingly IT-centric society, and a new class system that separates people by
technology skills. ISACA’s latest guide, Transforming Cybersecurity Using COBIT 5, examines the impact of these game changers and how to manage and transform security by using COBIT 5, a business
framework for the governance and management of enterprise information and technology. Along with publication of the
guide, IT association ISACA also announced today the formation of a global cybersecurity task force.
The three game changers named in the guide provide both motive and opportunity for cybersecurity breaches and criminal
activities—especially the advanced persistent threat (APT)—if ignored:
“In just the past three years, the number of threats and vulnerabilities has grown almost exponentially. By using COBIT
5, security professionals have a systematic approach for overcoming some of their biggest internal barriers—especially
inadequate budget and lack of senior management support,” said Rolf von Roessing, CISA, CISM, CGEIT, CISSP, FBCI, lead
developer of the guide and president of FORFA AG.
This latest addition to ISACA’s cybersecurity series is designed for information security managers, corporate security
managers, end users, service providers, IT administrators and IT auditors. It includes guidance on using the COBIT 5
framework to integrate cybersecurity with an overall approach to security governance, risk management and compliance, as
well as eight principles for transforming security.
“The enormous opportunities inherent with cloud, mobility, social networking and big data also create significant
security risks, and most organizations are ill-prepared to respond effectively. If we want to defend ourselves from
sophisticated and targeted cyberattacks, it’s time to shift the industry’s thinking from a focus on compliance and
perimeter security to a more proactive posture that is all about protecting the crown jewels,” said Eddie Schwartz,
CISA, CISM, chair of ISACA’s Cybersecurity Task Force and chief information security officer (CISO) at RSA, The Security
Division of EMC.
A recent ISACA cybersecurity survey
of more than 1,500 security professionals worldwide found that 94 percent of respondents believe that the APT
represents a credible threat to national security and economic stability. Top risks were seen as loss of enterprise
intellectual property (26 percent), loss of customer or employee personally identifiable information (24 percent) and
damage to corporate reputation (21 percent).
ISACA Global Cybersecurity Task Force
As part of its ongoing commitment to helping business and IT leaders maximize value and manage risk related to
information and technology, ISACA also announced the formation of a cybersecurity task force to drive research, guidance
and advocacy. Eight information security professionals from locations around the world were named to the Cybersecurity
· Eddie Schwartz, CISO at RSA, The Security Division of EMC (USA) (chair)
· Brent Conran, Chief Security Officer, McAfee (USA)
· Marcus Sachs, Vice President for National Security Policy, Verizon (USA)
· Neil Barlow, Head of Information Security Governance, Risk & Compliance (GRC), Euronext, NYSE (UK)
· Samuel Linares, Director and Founder, Industrial Cybersecurity Center (Spain)
· John Lyons, Chief Executive, International Cyber Security Protection Alliance (UK)
· Manuel Aceves, Director General, Cerberian Consulting (Mexico)
· Derek Grocke, Security & Infrastructure Manager, Internode (Australia)
Commenting on the new Global Cybersecurity Task Force, Jo Stewart-Rattray, CISA, CISM, CGEIT, CRISC, FACS CP,
international director of ISACA and director of information security and IT assurance at BRM Holdich, said: “ISACA’s new
Global Cybersecurity Task Force is an important milestone and will provide pragmatic guidance for organisations in an
emerging area. I am delighted that my colleague Derek Grocke has been appointed to this taskforce as he has significant
experience in this field of practice and will bring an Oceania perspective to the group’s offerings.”
Transforming Cybersecurity Using COBIT 5 is the third installment in a cybersecurity series from ISACA, a global association of 110,000 information security,
assurance, risk and governance professionals. The first two installments, Advanced Persistent Threat Awareness Study Results
and Responding to Targeted Cyberattacks, are available at www.isaca.org/cyber.
The guide is available at no charge to members of ISACA; non-members can purchase a print or electronic version at www.isaca.org/cybersecurity-cobit.
ISACA will address cybersecurity issues at its Oceania CACS 2013 Conference
in Adelaide, Australia, held 23-27 September 2013.