How confident are you that your organisation’s security arrangements are effective? Can you demonstrate to senior stakeholders that investment in security provides value to the business?
In the face of an increasing range of threats and compliance obligations, organisations are struggling to assure the business that security investments have been effective in protecting information. Security leaders encounter challenges in terms of determining the level and type of security assurance required, and often lack the tools, resources and expertise to continually monitor and measure security performance.
“When it comes to security spending, it’s hard to demonstrate conclusively that the business is getting good value.”
– ISF Member
Security leaders are therefore looking for ways to increase the confidence of business leaders in security arrangements across the organisation. The ISF’s Establishing a business-driven security assurance programme project aims to provide guidance on how to prepare for, implement and maintain an effective security assurance programme.
The workshops will enable attendees to explore:
- common security assurance drivers
- key security assurance challenges
- components of a successful security assurance programme
- tools, techniques and methodologies for effective measurement of security
- ways to demonstrate the ongoing value of information security to the business.
Who should attend?
These workshops are aimed at those involved in implementing, managing an overseeing a security assurance programme. This includes Chief Information Security Officers (CISOs), Chief Information Risk Officers (CIROs), Information Security Managers and Security Auditors.