The ISF’s Information Risk Assessment Methodology 2 (IRAM2) is a globally recognised approach that enables risk practitioners to perform end-to-end business focused information risk assessment in a way that supports engagement with business stakeholders.
Our consultants will help your organisation realise the full potential of IRAM2 by:
- defining a risk appetite and supporting resources (for example, a Business Impact Reference Table) to reflect the risk posture of your management and nature of your business
- Identifying your threat profile to highlight threat actors, threat attributes and threat events that are relevant to your organisation.
- Assessing existing vulnerabilities
- Helping you to develop pragmatic risk treatment plans.
ISF consultants can either train your own staff to perform IRAM2 risk assessments, undertake full risk assessments for you, or deliver a combination of these approaches.
Case Study:
ISF Consultants helped a large organisation from the Oil and Gas sector to carry out the Scoping, Business Impact Assessment, Threat Profiling and Vulnerability Assessment phrases of IRAM2 risk assessment methodology, culminating in a comprehensive plan to mitigate risk to a critical business system.
Executive Summary

Please fill out the form below to download a complimentary Executive Summary.