If you have a turnover of less than £160 million, joining us provides the information security experts in your organisation with a wide range of benefits that include:
- Online access to the ISF’s library of research deliverables including the ISF Standard of Good Practice for Information Security
- Online access to the ISF Risk Manager tool and the ISF Security Healthcheck tool
- The opportunity to participate in a more detailed ISF Benchmark service upon payment of an incremental fee
- Preferential rates when purchasing professional support to implement ISF deliverables within your organisation through the ISF Services to Assist programme
- Attendance at ISF Workshops and Chapter Meetings, subject to space availability
- One delegate place to attend the ISF Annual World Congress. Additional places may be purchased subject to paying the normal Member additional delegate fee.
- Preferential rates for Sponsorship at the ISF’s Annual World Congress and at global ISF Chapter Meetings.
Tools for Small to Medium Enterprises
We have a variety of risk assessment tools to help small to medium businesses. They include:
The Standard of Good Practice for Information Security
This definitive reference guide helps you to understand your exposure to risk across your business. The Standard is updated biannually to address the rapid pace at which threats and risk evolve. It encompasses every aspect of information security across four key areas: security governance, security requirements, control framework and security monitoring and improvement. Furthermore, it provides complete coverage of ISO/IEC27002, COBIT5 for Information Security and the SANS Top 20 Critical Security Controls.
The Security Healthcheck
Measure your company’s security status with our quick and easy self-assessment tool (e.g. business units or critical business applications). Used together with the Standard of Good Practice for Information Security, these powerful tools help boost your risk management and compliance.
The Risk Manager
Our flexible tool helps you assess your information risk and quickly identify the right controls, focusing your resources where they are most needed. It consists of three phases:
Phase 1: Business Impact Assessment – assesses the potential level of business impact and determines the security requirements for protecting information in critical business applications.
Phase 2: Threat and Vulnerability Assessment – determines the likelihood of particular threats to exploit vulnerabilities and cause business impact.
Phase 3: Control Selection – evaluates and selects controls to help you mitigate threats to your business.