The Alliance for Enterprise Security Risk Management: A partnership of the three leading international security organizations, formed to address issues surrounding the convergence of traditional and logical security.

New Study: Security Convergence Grows Globally, But in Different Directions

Rolling Meadows, IL, USA (18 October 2006) — Security convergence is growing beyond the US borders and becoming a global trend, according to a new study conducted by The Alliance for Enterprise Security Risk Management (AESRM), a group formed by leading security organizations ASIS International, ISACA and the Information Systems Security Association (ISSA).

However, Convergence of Enterprise Security Organizations: International Views finds that US and non-US based organizations differ when describing the effect of compliance on security efforts. According to the report, US companies view compliance as a business goal, but non-US organizations indicate that placing too strong a focus on compliance can distort corporate risk agendas and responsibilities, leading to a false sense of security.

Despite these differences, the study reveals that the same five factors are causing companies around the world to integrate their physical and information security teams:

  • Rapid expansion of the enterprise
  • A value shift from physical assets to information-based assets
  • New technologies blurring functional boundaries
  • New compliance regulations and legislation
  • Continuing pressure to reduce costs

Within US and non-US companies, senior risk executives are rising in reporting hierarchies, with many leading companies creating new positions and appointing a chief risk officer or head of risk services. The report also noted that more companies worldwide are creating risk councils.

“Most organizations now realize that loss of information can be just as damaging as loss of a facility or inventory,” said Ray O’Hara, CPP, chairman of the AESRM. “Companies around the world are recognizing that converging their information and security departments is the best way to minimize risk and add value to the business.”

The study, which examined non-US senior security executives’ views on convergence, is a follow-up to AESRM’s 2005 US study. Results of the 2006 study are available as a complimentary download at www.aesrm.org.

About AESRM
The Alliance for Enterprise Security Risk Management (www.aesrm.org) is a partnership of three leading security organizations—ASIS International, ISACA and ISSA—formed to address issues surrounding the convergence of traditional and logical security.

About ASIS International
ASIS International (www.asisonline.org) is the preeminent organization for security professionals, with more than 34,000 members worldwide. Founded in 19855, ASIS is dedicated to increasing the effectiveness and productivity of security professionals by developing educational programs and materials that address broad security interests, such as the ASIS Annual Seminar and Exhibits, as well as specific security topics. ASIS also advocates the role and value of the security management profession to business, the media, government entities and the public. By providing members and the security community with access to a full range pf programs and services, and by publishing the industry’s number one magazine — Security Management — ASIS leads the way for advanced and improved security performance.

About ISACA
With more than 50,000 members in more than 140 countries, ISACA (www.isaca.org) is a recognized worldwide leader in IT governance, control, security and assurance. Founded in 1969, ISACA sponsors international conferences, publishes the Information Systems Control Journal, develops international information systems auditing and control standards, and administers the globally respected Certified Information Systems Auditor designation, earned by more than 48,000 professionals since inception, and the Certified Information Security Management designation, a groundbreaking credential earned by more than 6,000 professionals since it was established in 2002.

About ISSA
The Information Systems Security Association (ISSA) (www.issa.org), with more than 13,000 individual members and 106 chapters around the world, is the largest international, not-for-profit association for information security professionals. It provides educational forums, information resources and peer interaction opportunities to enhance the knowledge, skill and professional growth of its members. ISSA members are consistently recognized as experts on critical issues in the area of information security, and the association is viewed as an important resource for small businesses, global enterprises and government organizations alike. Working closely with other industry organizations such as (ISC)2, ASIS and ISACA, and leading worldwide initiatives like the GISP and the recommended CISO education curriculum, ISSA is focused on providing leadership and maintaining its role as The Global Voice of Information Security.

Media Contacts
For ASIS: Chris Flynn, cflynn@asisonline.org, 703.518.1466
For ISACA: Kristen Kessinger, kkessinger@isaca.org, 847.590.7455
For ISSA: Ira Winkler, iraw@isag.com, 443.994.0245

 

 

 

 

Copyright © AESRM 2008, All Rights Reserved.