SAN FRANCISCO -- Three major security associations are teaming up to battle the increasingly perilous world of terrorism, cyberattacks, malware, online robbery and regulations. For now, they're a virtual alliance with no official name or headquarters.
"It is clear that management now must deal with security challenges that are unlike any that have been experienced before," Dave Cullinane, CISO of Washington Mutual and president of the Information Systems Security Association (ISSA), said during a press conference Wednesday.
The alliance, announced at the RSA Conference, consists of ASIS International, the Information Systems Audit and Control Association (ISACA) and ISSA. Members of these organizations said the alliance is needed because of the significant increase and complexity of security risks to international commerce. By pooling resources, the alliance hopes to better fight terrorism, cyberattacks and viruses, as well as online theft, fraud and extortion. The alliance said these threats require corporations to develop a more comprehensive approach to protect the enterprise, and it hopes to help make that happen.
"We no longer have the luxury of dealing with small, contained risks," Cullinane said. "Instead, management must contend with risks that are often international in scope, cross multiple areas of security expertise and can quickly impact the good reputation, finances or network presence of the organization."
Specifically, the alliance hopes to:
- Develop risk models that more fully qualify and quantify enterprise-wide security risks and potential impacts to the business;
- Raise awareness among executive management on the nature of existing and emerging threats and best security practices;
- Promote a common security management voice to legislators and government agencies; and
- Continue to define qualification, certification and training requirements for CSOs, CISOs and other security professionals.
"There are 80,000 security professionals behind this alliance, and it will change information security," said Jim Reavis, president of Ferndale, Wash.-based Reavis Consulting Group and vice president of ISSA.
The alliance will also focus on research projects, seminars and other educational offerings, since today's CSO and CISO must be expert in many areas of security and control, particularly in the wake of Sarbanes-Oxley and other regulatory requirements, members said.