Cyber-Security Game Changers

By Bob Violino

Cyber-crime is on the rise, and it will increase even faster if organizations ignore an emerging group of cyber-security game changers, according to a new report from ISACA, an independent nonprofit association that provides guidance and education in a number of IT areas.

The security game changers include always-on connectivity, an increasingly IT-centric society and a new class system that separates people by technology skills. The report, titled “Transforming Cybersecurity Using COBIT 5,” looks at the impact of these developments and how organizations can manage and transform security by using COBIT 5, a business framework for the governance and management of enterprise information and technology.

ISACA says the three game changers covered in the guide provide both motives and opportunities for cyber-security breaches and criminal activities—especially advanced persistent threats (APTs)—if they are ignored.

“In just the past three years, the number of threats and vulnerabilities has grown almost exponentially,” says Rolf von Roessing, lead developer of the guide and president of consulting firm Forfa AG. “By using COBIT 5, security professionals have a systematic approach for overcoming some of their biggest internal barriers. especially inadequate budget and lack of senior management support.”

The report, the third installment in ISACA’s cyber-security series, is designed for information security managers, corporate security managers, end users, service providers, IT administrators and IT auditors. The document includes guidance on using the COBIT 5 framework to integrate cyber-security with an overall approach to security governance, risk management and compliance, as well as eight principles for transforming security.

The first two installments, “Advanced Persistent Threat Awareness Study Results” and “Responding to Targeted Cyberattacks,” are available at www.isaca.org/cyber. The latest report is available at no charge to ISACA members; nonmembers can purchase a print or electronic version at www.isaca.org/cyber-security-cobit.

A recent ISACA cyber-security survey of more than 1,500 security professionals worldwide found that 94 percent of respondents believe that APT represents a credible threat to national security and economic stability. The top risks were seen as loss of enterprise intellectual property (26 percent), loss of customer or employee personally identifiable information (24 percent) and damage to corporate reputation (21 percent).

“The number of threats, risk scenarios and vulnerabilities have grown exponentially,” according to ISACA. “Cyber-security has evolved as a new field of interest, gaining political and societal attention. Given this magnitude, the future tasks and responsibilities associated with cyber-security will be essential to organizational survival and profitability.”

In addition to publication of the guide, ISACA also announced the formation of a global cyber-security task force, which will drive research, guidance and advocacy. Eight information security professionals from locations around the world were named to the task force.