Establishing A Business-Focused Security Assurance Programme: Confidence In Controls
![Array](https://www.securityforum.org/wp-content/uploads/2021/04/Security-Assurance_LibraryThumb_912x526px-500x288-1-300x173.png)
How secure is your organisation’s information? At any given moment, can a security leader look an executive in the eye and tell them how well business processes, projects and supporting assets are protected?
The full Establishing A Business-Focused Security Assurance Programme: Confidence In Controls report, provides guidance on how to develop a security assurance programme that builds on compliance-based approaches, to truly focus on the needs of the business. It outlines the need for change towards a business-focused approach and introduces three fundamental elements, that underpin successful business-focused security assurance.
The ISF approach set out in this report helps to:
- identify the exact requirements business stakeholders have when discussing security assurance
- break down these requirements into manageable tasks
- determine which type of testing and data collection can help to provide security assurance
- apply a repeatable security assurance process across multiple target environments (i.e. business processes, projects and supporting assets, in specific business units and regions or across the organisation)
- choose relevant metrics and key indicators to measure and report on security performance
![](https://www.securityforum.org/wp-content/uploads/2021/04/nastya-dulhiier-OKOOGO578eo-unsplash-300x188.jpg)
Discover how the ISF can help your organisation
If you are not a Member of the ISF and are interested in finding out more about ISF Research or ISF Membership, then please get in touch today.