Establishing A Business-Focused Security Assurance Programme: Confidence In Controls
How secure is your organisation’s information? At any given moment, can a security leader look an executive in the eye and tell them how well business processes, projects and supporting assets are protected?
The full Establishing A Business-Focused Security Assurance Programme: Confidence In Controls report provides guidance on how to develop a security assurance programme that builds on compliance-based approaches to truly focus on the needs of the business. It outlines the need for change towards a business-focused approach and introduces three fundamental elements that underpin successful business-focused security assurance.
The ISF approach set out in this report helps to:
- identify the exact requirements business stakeholders have when discussing security assurance
- break down these requirements into manageable tasks
- determine which type of testing and data collection can help to provide security assurance
- apply a repeatable security assurance process across multiple target environments (i.e. business processes, projects and supporting assets, in specific business units and regions or across the organisation)
- choose relevant metrics and key indicators to measure and report on security performance