What is the Information Security Forum (ISF)? Well, this post will give you an idea of what ISF all about. So, take time to read this post. Now, let’s begin!
About The Information Security Forum
1989 was the year when ISF was founded. It’s an independent and non-profit organization.
In fact, most of its members comprise leading organizations worldwide. Additionally, this organization dedicates itself to the following:
- Clarifying and resolving key issues (with regards to cyber)
- Infosec and risk management
- Developing best practices
- Processes and solutions (which fulfills its member’s business needs)
Besides, ISF members benefit a lot. That’s because they harness and share in-depth knowledge. They also learn from practical experiences from within the organization.
Additionally, ISF gives a confidential forum and framework. But, what is its purpose? Well, it ensures its members adopt leading-edge infosec strategies and solutions.
So by working together, ISF members reach the same goals. Without having major expenditures. Moreover, consultancy services are also available.
Manage Information Risk – How ISF Do It
To manage risk, you need to plan for it. Why is planning important?
Well, effective management of information risk has never been as critical as today. That’s true especially if organizations are to stay resilient. While at the same time, pursuing strategic goals.
Besides, cyber and information risk is broad. So, organizations must give the same level of attention. As it is with other risk management today.
Thus, the Information Security Forum developed research and tools. What do these tools offer? Well, it gives organizations a “think outside the box” approach.
These approaches can be strategic, compliance-driven, or process approaches. Moreover, you can use these tools as an individual or together as a suite.
Information Security Forum’s Tool To Manage Risk
The Research Programme
The Research Programme covers a broad range of essential infosec topics. This also includes the annual “Threat Horizon” series.
Additionally, outputs are in the form of a report. And the Supplier Security Evaluation Tool (SSET) supports this project. Because of this, organizations can efficiently implement recommendations in the report.
The Standard Of Good Practice For Information Security
Also known as “The Standard”, this tool is the most comprehensive. It’s also the current source of infosec controls available.
As a result, organizations can adopt good practices in response to evolving threats. Besides, many used “The Standard” as their primary reference for infosec.
The ISF Benchmark
It is an unrivaled strategic tool. What’s the use of this tool? Well, organizations are using ISF Benchmark to improve their infosec arrangements. Besides, this tool allows organizations to evaluate their security performance.
Also, you can do that at 3 different analysis level:
- High-level questionnaire
- Mid-level questionnaire
- Deep-dive investigative questionnaire
Information Risk Assessment Methodology 2 (IRAM2)
This tool is an end-to-end approach to presenting a business-focused view of information risk. Besides, implementing it has the following benefits:
- Apply a simple and practical approach
- Focus on the business perspective
- Obtain a greater coverage of risks
- Focus on the most significant risks
- Engage with key stakeholders
Moreover, IRAM2 is set out in 6 phases. And each phase details the steps and key activities to achieve the phase objectives. It’s also flexible, easy to use, and adaptable.