How secure is your organisation’s information? At any given moment, can a security leader look an executive in the eye and tell them how well business processes, projects and supporting assets are protected?

The full Establishing A Business-Focused Security Assurance Programme: Confidence In Controls report, provides guidance on how to develop a security assurance programme that builds on compliance-based approaches, to truly focus on the needs of the business. It outlines the need for change towards a business-focused approach and introduces three fundamental elements, that underpin successful business-focused security assurance.

The ISF approach set out in this report helps to:

  • identify the exact requirements business stakeholders have when discussing security assurance
  • break down these requirements into manageable tasks
  • determine which type of testing and data collection can help to provide security assurance
  • apply a repeatable security assurance process across multiple target environments (i.e. business processes, projects and supporting assets, in specific business units and regions or across the organisation)
  • choose relevant metrics and key indicators to measure and report on security performance

For further information and a high level overview of the full report download our complimentary Executive Summary.

If you would like to access the full report and are not an ISF member, please contact our team.

Executive Summary and Press Release

Establishing A Business-Focused Security Assurance Programme: Confidence In Controls

Please fill out the form below to download a complimentary Executive Summary and Press Release .