University of Southern California

USC Marshall Institute Licenses New Information Security Model
ICIIP’s Meister: Like Quality or Customer Service, IT Security is Everyone's Responsibility
October 27, 2008 • by News at Marshall

The University of Southern California Marshall School of Business's Institute for Critical Information Infrastructure Protection (ICIIP) has entered a license agreement with the Information Systems Audit and Control Association (ISACA), which serves IT Governance Professionals, to develop and implement its Systemic Security Management Model, a strategic framework for implementing information technology security systems within companies and organizations.

"Our model simply takes the tactical, technical and strategic initiatives of an enterprise into consideration: Security is not a technology problem alone. Traditionally, frameworks for looking at security have considered people (employees), process (controls that are in place to ensure security) and technology. We're unique in that we've added the concept of organizational design, governance and risk," says Charles P. Meister, executive director of the USC Marshall ICIIP, which investigates issues in information security and ways to protect information infrastructures through research, awareness programs, executive education and the development of coursework.

The ICIIP's Systemic Security Management model (SSM) incorporates a company's strategic business objectives while keeping its critical information secure. The model is expected to be developed by ISACA and ICIIP into a practical application that can be tailored to an organizations individual needs and goals.

"We're developing the formulas to help people interact with technology while improving business results and minimizing the exposure to risk factors. There are a lot of issues to balance and one of the tacks of the framework includes trying to show people that security isn’t just the responsibility of IT, it's like quality or customer service, it has to be thought of as everyone's responsibility."

The licensing agreement will help further the development of the model through additional research, the creation of additional tools, and the development of executive education coursework.

"The work we have thus far accomplished on the model will provide fertile ground for the additional research that lies ahead," adds Meister. "Partnering with ISACA will help SSM to have a profound impact on the global Information Security Industry".

The Information Systems Audit and Control Association, ISACA, is a recognized worldwide leader in IT governance, control, security and assurance, serving more than 80,000 members who are IT governance professionals in more than 140 countries.

"We're thrilled to enter into an agreement with the Marshall School of Business to develop the Systemic Security Management Model and provide materials based on the Model that would be useful to information security managers and information systems auditors around the world," says ISACA President, Susan Caldwell. "ISACA recognizes the significance of the Systemic Security Management Model that has been developed by USC’s ICIIP and the benefit a systemic model can provide for information security management is apparent."

The evolution and acceptance of the model will require ongoing research into trends and issues particular to information security and organizational needs for the protection of information.

About the USC Marshall School of Business
Consistently ranked among the nation's premier schools, USC Marshall is internationally recognized for its emphasis on entrepreneurship and innovation, social responsibility and path-breaking research. Located in the heart of Los Angeles, one of the world's leading business centers and the U.S. gateway to the Pacific Rim, Marshall offers its 5,700-plus undergraduate and graduate students a unique world view and impressive global experiential opportunities. With an alumni community spanning 123 countries, USC Marshall students join a worldwide community of thought leaders who are redefining the way business works.