Everyone is aware of the need for information security in today's highly networked business environment. Information is arguably among an enterprise's most valuable assets, so its protection from predators from both within and outside has taken center stage as an IT priority.

ISACA has long recognized the importance of information security and offers a wide range of products and services on the topic. Most significantly, in 2002 ISACA introduced the Certified Information Security Manager (CISM) certification, recognizing the special role played by those who manage an enterprise's information security program. In addition, our CISA certification carries a significant amount of infosec content, our conferences offer sessions and tracks on the topic, many bookstore items focus on it and our bimonthly Journal has regular information security columns.

ISACA’s support of the security profession is underscored by its formation of an alliance with ASIS International to support the increasingly converged role of security in enterprises. More information.

Read More:

An Introduction to the Business Model for Information Security
This guide provides a view of information security program activities within the context the larger enterprise, to integrate the disparate security program components into a holistic system of information protection. It introduces the model and its core concepts to enterprises, particularly to:  senior executives, information security managers, those who have responsibility for managing business risk and individuals who have responsibility for the design, implementation, monitoring and improvement of an information security management system.

Defining Information Security Manager Position Requirements: Guidance for Executives and Managers
This report presents what may be deemed the general attributes of information security manager roles, functions and career paths in an enterprise. It is intended to serve as a practical guide defining career paths and essential attributes of the information security manger position. This guidance can be tailored to the specific requirements of an enterprise based on size, scale, nature, resources, position level and the complexity of the enterprise.

Model Curriculum for Information Security Management
The model provides academic institutions with a basic framework of the education required to develop the skills needed to make students employable in the profession. In addition, the model can serve both those who are interested in obtaining an information security education and interested educational institutions worldwide that are developing a curriculum in information security.