Using the ISF’s Risk Manager helps your organisation to:
- Focus information security resources where they’re most needed
- Increase customers’ trust in your business
- Lower the frequency and severity of information breaches
- Reduce time analysing your information risk
- Cap your information risk management costs
- Meet legal and regulatory requirements
What does the ISF’s Risk Manager involve?
Based on our renowned Information Risk Analysis Methodology(IRAM), Risk Manager has three phases:
Phase 1: Business Impact Assessment
Assesses the potential level of business impact and determines the security requirements for protecting information in critical business applications.
Phase 2: Threat and Vulnerability Assessment
Determines the likelihood of particular threats to exploit vulnerabilities and cause business impact.
Phase 3: Control Selection
Evaluates and selects controls to help you mitigate threats to your business.
Implementing Risk Manager
Risk Manager with analyst support is available on a 12-month contract for unlimited use across your business.
All Risk Manager users will receive a set of guidance documents to help them through the phases of the tool
This service is available to both ISF Members and non-member organisations.