Establishing A Business-Focused Security Assurance Programme: Confidence In Controls
How secure is your organisation’s information? At any given moment, can a security leader look an executive in the eye and tell them how well business processes, projects and supporting assets are protected?
The full Establishing A Business-Focused Security Assurance Programme: Confidence In Controls report, provides guidance on how to develop a security assurance programme that builds on compliance-based approaches, to truly focus on the needs of the business. It outlines the need for change towards a business-focused approach and introduces three fundamental elements, that underpin successful business-focused security assurance.
The ISF approach set out in this report helps to:
- identify the exact requirements business stakeholders have when discussing security assurance
- break down these requirements into manageable tasks
- determine which type of testing and data collection can help to provide security assurance
- apply a repeatable security assurance process across multiple target environments (i.e. business processes, projects and supporting assets, in specific business units and regions or across the organisation)
- choose relevant metrics and key indicators to measure and report on security performance
Discover how the ISF can help your organisation
If you are not a Member of the ISF and are interested in finding out more about ISF Research or ISF Membership, then please get in touch today.
