Global IT association ISACA commends the Ponemon Institute's latest Cost of Cybercrime report for the detail it provides on the indirect costs of IT security attacks, as well as the news that organisations are focusing more resources on their security forensics and detection methodologies.
According to the Ponemon report, early-detection security technologies can help reduce costs if they are deployed properly and monitored.
"More than anything, this strengthens our on-going commitment at ISACA to educate business professionals on the need for security planning and, by implication, enterprise governance of IT," said Rolf von Roessing, CISA, CISM, CGEIT, member of ISACA's COBIT Security Task Force.
"With nearly 100,000 members, our not-for-profit information security, assurance and governance association is well placed to provide the education that is required to improve the governance, risk management and compliance requirements that this report identifies as being central to countering the costly problem of cyber crime," he added.
Von Roessing went on to say that these issues are central to ISACA's strategy with its globally respected COBIT framework, version 5 of which is available for public exposure through 18 September.
COBIT, he explained, is a supporting tool set that allows managers to bridge the gap among control requirements, value creation, technical issues and business risks in their organisation.
Part of the framework's benefits, said von Roessing, is that it delivers the most up-to-date thinking in enterprise governance and security management.
Enterprises of all sizes around the world have implemented COBIT to help manage their IT-related risks and increase their levels of confidence in the information.
"COBIT supports the development of clear policies and good practice for management, as well as increasing the value they achieve from their IT and compliance," he said, adding that the just-issued Ponemon report confirms the need for networking intelligence, security event management, governance, risk management and compliance.
At the same time, the report identifies the downward pressure on costs associated with these vital security activities in the enterprise environment, which is where the COBIT advantage enters the frame, since it allows management to plan and deploy their security systems and technologies in the most effective manner possible.
According to von Roessing, any organisation can throw unlimited money and resources at a problem and potentially lose a lot. However, deploying effective information security with a reasonable cost-benefit ratio requires more than that: planning and, by implication, effective governance and risk management.
"COBIT can greatly assist in this regard. It has built tremendous credibility through the collaborative development process that brings together the talents and expertise of security industry leaders around the world," he said.
"COBIT 5 will build and expand on COBIT 4.1 by connecting with other major frameworks, standards and resources, and integrating other ISACA guidance including Val IT, Risk IT, the IT Assurance Framework and the Business Model for Information Security (BMIS)into one cohesive and comprehensive picture," he added.
"It will help enterprises ensure they can have trust in, and obtain value from, their information systems."