IT Governance Institute Identifies Top Actions for Security Managers: Complimentary Guidance Available at www.isaca.org/topactions

Rolling Meadows, IL, USA (20 September 2005)—The IT Governance Institute recommends top actions for security managers and chief information security officers (CISOs) in its latest research deliverable, Information Security Governance—Top Actions for Security Managers.
br>Available as a complimentary slide presentation at www.isaca.org/topactions, Top Actions is an extension of earlier ITGI research published in Information Security Governance: Guidance for Boards of Directors and Executive Management. The presentation identifies actions for security managers and CISOs to take to address 18 questions posed by senior management in the book.
br>Each slide represents one of the 18 questions designed to uncover information security issues and determine how to successfully implement information security governance. The slides contain considerations for security managers regarding the question, sources to assist the security manager in determining the appropriate response, evaluation and performance criteria to determine how effectively the enterprise addresses the security considerations, and security program initiatives detailing steps the enterprise should take.
br>Top Actions specifically focuses on:
– Uncovering the information security issues in an enterprise from a business and management perspective
– Addressing management’s perception of information security and security risk management issues
– Positioning information security as a component of IT and business governance
– Establishing what is required to ensure that information security governance is successfully implemented within the enterprise
br>”In today’s business environment, information security is critical to enterprises,” said Everett Johnson, CPA, international president of the IT Governance Institute and a partner (retired) at Deloitte & Touche. “Too often, information security is considered a technology issue, when it is actually a business management responsibility. The advice in Top Actions helps information security managers address the priorities and requirements of the organization as a whole.”
br>About ITGI
br>The IT Governance Institute® (ITGI) (www.itgi.org) was established in 1998 to advance international thinking and standards in directing and controlling an enterprise’s information technology. Effective IT governance helps ensure that IT supports business goals, optimizes business investment in IT, and appropriately manages IT-related risks and opportunities. The IT Governance Institute developed Control Objectives for Information and related Technology (COBIT) and offers symposia, original research and case studies to assist enterprise leaders and boards of directors in their IT governance responsibilities.