Security
Written by Administrator   
Monday, 19 April 2010 10:48

 

Everyone is aware of the need for information security in today's highly networked business environment. Information is arguably among an enterprise's most valuable assets, so its protection from predators from both within and outside has taken center stage as an IT priority.

ISACA has long recognized the importance of information security and offers a wide range of products and services on the topic. Most significantly, in 2002 ISACA introduced the Certified Information Security Manager (CISM) certification, recognizing the special role played by those who manage an enterprise's information security program. In addition, our CISA certification carries a significant amount of infosec content, our conferences offer sessions and tracks on the topic, many bookstore items focus on it and our bimonthly Journal has regular information security columns.

ISACA’s support of the security profession is underscored by its formation of an alliance with ASIS International to support the increasingly converged role of security in enterprises.


Feature Items:

Cloud Computing Information/Resources

ISACA is a member of the Alliance for Enterprise Security Risk Management (AESRM)
A series of publications on Security Convergence and ERM are provided by AESRM for complimentary download as PDFs

An Introduction to the Business Model for Information Security
This guide provides a view of information security program activities within the context of the larger enterprise, to integrate the disparate security program components into a holistic system of information protection. It introduces the model and its core concepts to enterprises, particularly to senior executives, information security managers, those who have responsibility for managing business risk and individuals who have responsibility for the design, implementation, monitoring and improvement of an information security management system.

Model Curriculum for Information Security Management
The model provides academic institutions with a basic framework of the education required to develop the skills needed to make students employable in the profession. In addition, the model can serve both those who are interested in obtaining an information security education and interested educational institutions worldwide that are developing a curriculum in information security.

Defining Information Security Manager Position Requirements: Guidance for Executives and Managers
This report presents what may be deemed the general attributes of information security manager roles, functions and career paths in an enterprise. It is intended to serve as a practical guide defining career paths and essential attributes of the information security manager position. This guidance can be tailored to the specific requirements of an enterprise based on size, scale, nature, resources, position level and the complexity of the enterprise.

Information Security Governance: Guidance for Information Security Managers
This publication discusses how to develop an information security strategy within the organization’s governance framework and how to drive that strategy through an information security program. It provides guidance on determining information security objectives and how to measure progress toward achieving them.

Information Security Career Progression Survey Results
The role of the Certified Information Security Manager (CISM) is changing. In 2007, ISACA launched the Information Security Career Progression Survey and examined the job responsibilities and positions of CISMs in both their previous and current job roles. This publication presents the analyzed results of the survey and provides CISMs with interesting facts regarding the roles and responsibilities of information security managers.

Stepping Through the InfoSec Program
The information security professional has evolved from computer operator to chief information security officer, and from controlling punched cards to negotiating strategic plans, defining policies, documenting processes, managing technology, measuring performance, controlling costs, supporting business recovery and demonstrating regulatory compliance. This publication includes a case study and steps to:

  • Compose an information security program
  • Cement a relationship between an information security program and IT governance
  • Design roles and responsibilities to ensure accountability
  • Identify and allocate resources to achieve information security program objectives
  • Determine if an information security program is achieving objectives

The Convergence of Physical and Information Security in the Context of Enterprise Risk Management
On behalf of the Alliance for Enterprise Security Risk Management (AESRM), Deloitte & Touche LLP Canada researched and developed this 2007 report addressing the value of security as part of enterprise risk management (ERM) and the benefit of a converged view of security in managing enterprise risk. The material that forms the basis of the study includes surveys and interviews conducted by Deloitte Touche Tohmatsu member firms for AESRM, material developed by Deloitte, and prior research conducted by AESRM. The survey drew on the insights and experiences of security executives representing traditional and information security disciplines who are members of ASIS International and ISACA. These security executives provided insight into the:

  • General state of security convergence
  • Integration of converged security as part of ERM
  • Role of risk councils
  • Benefit that a strategy for converged risk management plays in breaking down communications barr

Convergent Security Risks in Physical Security Systems and IT Infrastructures
This 2006 study by the Alliance for Enterprise Security Risk Management (AESRM), conducted by founding members ISACA and ASIS International, describes how enterprises are facing the risks that arise when physical and IT security risks collide.

Convergence of Enterprise Security Organizations (PDF, 1.6M)
A 2005 joint study conducted by ISACA and ASIS International examining how enterprises are addressing the converged issues surrounding their security.

 


Copyright © 2011. Information Systems Audit and Control Association. All Rights Reserved. Disclaimer and Privacy Statements.