In governments that place less importance on the needs and
risks associated with the security of the information that is
stored, transported and processed by their IT systems, the
information security manager may find it easier to establish
a successful and sustainable ISM function by implementing a
model that includes information security policy, information
security awareness, IAM, network and data security,
information security monitoring, and risk assessment and
contingency as functional pillars. These functions should
be supported by continuous measurement and compliance,
development, and appropriate budgeting and staffing.
ENDNOTES
1 Roth, Jeff; “Evolution of Federal Cybersecurity—From
Individual Controls to Systems of Control,” JournalOnline,
ISACA Journal, vol. 5, 2010, www.isaca.org/journalonline
2 In 2004, in recognition of the emerging threats to the
Internet and related computer systems, the Organization
of American States (OAS) General Assembly adopted a
“comprehensive inter-American strategy to combat threats
to cybersecurity.” The strategy calls for all member states
to establish or identify national “alert, watch and warning”
groups known as computer security incident response teams
(CSIRTs) and to take the necessary measures to prevent
cyberthreats, prosecute cybercrimes and promote a culture
of awareness in their countries. To help implement these
three pillars of strategy, three OAS committees joined
forces—the Inter-American Committee Against Terrorism
(CICTE), the group of governmental experts on cybercrime
of the Meeting of Ministers of Justice or of Ministers or
Attorneys General of the Americas (REMJA), and the Inter-American Telecommunications Commission (CITEL).
3 National Institute of Standards and Technology (NIST),
Contingency Planning Guide for Information Technology
Systems, USA, 2002, www.itl.nist.gov/lab/bulletns/bltnjun02.htm