ISF's Risk Management tool will help you to identify, analyse and manage information risk across your business.

Using the ISF’s Risk Manager helps your organisation to:

  • Focus information security resources where they’re most needed
  • Increase customers’ trust in your business
  • Lower the frequency and severity of information breaches
  • Reduce time analysing your information risk
  • Cap your information risk management costs
  • Meet legal and regulatory requirements

What does the ISF’s Risk Manager involve?


Based on our renowned Information Risk Analysis Methodology(IRAM), Risk Manager has three phases:

Phase 1: Business Impact Assessment

Assesses the potential level of business impact and determines the security requirements for protecting information in critical business applications.

Phase 2: Threat and Vulnerability Assessment

Determines the likelihood of particular threats to exploit vulnerabilities and cause business impact.

Phase 3: Control Selection

Evaluates and selects controls to help you mitigate threats to your business.

Implementing Risk Manager

Risk Manager with analyst support is available on a 12-month contract for unlimited use across your business.

All Risk Manager users will receive a set of guidance documents to help them through the phases of the tool

This service is available to both ISF Members and non-member organisations.

For more information on Risk Manager