Information Security Forum releases tool to help security managers to manage
12 November 2007: An innovative management diagnostic, designed to assist information security leaders in understanding how to meet business requirements and manage a security function, has been produced by the Information Security Forum (ISF).
The new Security Management Diagnostic represents a new way of bridging the security and business divide, based on the experiences of over 160 senior security professionals from some 100 major ISF Member organisations from around the world.
By accurately comparing information security and business perspectives, the diagnostic tool rapidly highlights areas of alignment and misalignment. The results also help to ‘sell’ security within an organisation at the highest level and provide a framework to discuss and review information security strategy, resources and performance.
Currently only available to ISF Members, the Security Management Diagnostic is designed as a simple, easy-to-complete online questionnaire that creates a detailed profile of the information security function, focusing on areas such as service delivery, communications and performance measurement. The two-part diagnostic also examines the information security leader’s profile from both security and business perspectives, to understand their strengths and weaknesses and how they relate to and communicate with the business.
“The diagnostic makes no judgement about how security is delivered,” says Adrian Davis, Senior Research Consultant and project leader, “but rather focuses on how well security is meeting business requirements.”
“If the business wants an information risk consultancy but the security function is delivering a technology-focused, checklist-based service, then there is a real problem. That’s what this diagnostic can assist in discovering and resolving,” adds Davis.
The Information Security Forum is a not-for-profit international association of over 300 leading organisations, which fund and co-operate in the development of practical, business-driven solutions to information security and risk management problems. The ISF undertakes a leading-edge research programme and has invested more than US$100 million to create a library of over 200 authoritative reports along with information risk methodologies and tools that are available free of charge to ISF Members.
In addition, the ISF Standard of Good Practice for Information Security 2007 has recently been published and is available free to non-members at www.isfstandard.com.