ISACA commends the Ponemon Institute's latest "Cost of cybercrime" report for the detail it provides on the indirect costs of IT security attacks, as well as the news that organizations are focusing more resources on their security forensics and detection methodologies.


According to the report, early-detection security technologies can help reduce costs if they are deployed properly and monitored.

"More than anything, this strengthens our on-going commitment at ISACA to educate business professionals on the need for security planning and, by implication, enterprise governance of IT," said Rolf von Roessing, member of ISACA’s COBIT Security Task Force.

"With nearly 100,000 members, our not-for-profit information security, assurance and governance association is well placed to provide the education that is required to improve the governance, risk management and compliance requirements that this report identifies as being central to countering the costly problem of cyber crime," he added.

These issues are central to ISACA's strategy with its globally respected COBIT framework, version 5 of which is available for public exposure through 18 September.

COBIT is a supporting tool set that allows managers to bridge the gap among control requirements, value creation, technical issues and business risks in their organization.

Part of the framework's benefits, said von Roessing, is that it delivers the most up-to-date thinking in enterprise governance and security management.

Enterprises of all sizes around the world have implemented COBIT to help manage their IT-related risks and increase their levels of confidence in the information.

"COBIT supports the development of clear policies and good practice for management, as well as increasing the value they achieve from their IT and compliance," he said, adding that the just-issued Ponemon report confirms the need for networking intelligence, security event management, governance, risk management and compliance.

At the same time, the report identifies the downward pressure on costs associated with these vital security activities in the enterprise environment, which is where the COBIT advantage enters the frame, since it allows management to plan and deploy their security systems and technologies in the most effective manner possible.

Any organization can throw unlimited money and resources at a problem and potentially lose a lot. However, deploying effective information security with a reasonable cost-benefit ratio requires more than that: planning and, by implication, effective governance and risk management.