Three major organizations announced last month that they have teamed up to promote best practices, education and research around security management. The Information Systems Audit and Control Association (ISACA), the Information Systems Security Association (ISSA) and ASIS International formed the alliance to combine their respective intellectual resources to provide a bigger picture to professionals, employers and enterprises involved with security.
“I think it’s a combination of joint presentations, joint task forces and joint research,” said Bill Boni, chief information security officer, Motorola Inc. “Each one of these organizations has a constituency, a body of knowledge and experience that’s aligned to their core practitioners’ fields. We’ve been looking at different aspects through our particular lens of experience. The idea here is by combining the ASIS perspective on corporate security professionals, ISACA’s perspective on audit controls and technology assurance, and with ISSA’s information security, you’ve got a much broader perspective of the elements of risk that in large part are holistic.”
Boni, who serves on the board of directors of ISACA, is part of the ISSA’s CISO Forum and is a member of the Safeguarding Proprietary Information Council for ASIS International, said that this new association will lead to greater understanding of current and future security risks and threats, and perhaps allow for new approaches to possible solutions. “In the 21st century, we’re dealing with a range of blended threats,” he said. “From the classic IT perspective, this can mean a worm that uses more than one attack vector, but a blended threat in a homeland security context could well be a cyber-threat that’s designed to have a physical consequence, like crashing a power grid.”
The alliance also will support training and certification by clearly defining competencies and knowledge necessary for chief security officers, chief information security officers and several other security job roles. “At ISACA, we’ve already taken this alliance to heart in how we’re approaching our CISM (Certified Information Security Manager) certification by including representation from both ASIS and ISSA on the job analysis and skill set board,” Boni said. “We’re actually walking the talk here. I see that as one of the vehicles influencing the respect for and the understanding of the respective constituencies.”
For more information, see http://www.isaca.org.