return to research
Research
Establishing A Business-Focused Security Assurance Programme: Confidence In Controls
riskgovernancecompliancepeople

A security assurance programme built for the future
Download the executive summary
How secure is your organisation’s information? At any given moment, can a security leader look an executive in the eye and tell them how well business processes, projects and supporting assets are protected?
The full Establishing A Business-Focused Security Assurance Programme: Confidence In Controls report, provides guidance on how to develop a security assurance programme that builds on compliance-based approaches, to truly focus on the needs of the business. It outlines the need for change towards a business-focused approach and introduces three fundamental elements, that underpin successful business-focused security assurance.
The ISF approach set out in this report helps to:
- identify the exact requirements business stakeholders have when discussing security assurance
- break down these requirements into manageable tasks
- determine which type of testing and data collection can help to provide security assurance
- apply a repeatable security assurance process across multiple target environments (i.e. business processes, projects and supporting assets, in specific business units and regions or across the organisation)
- choose relevant metrics and key indicators to measure and report on security performance

Discover how the ISF can help your organisation
If you are not a Member of the ISF and are interested in finding out more about ISF Research or ISF Membership, then please get in touch today.
Get in touch
Supporting Content
A security assurance programme built for the future
Download the executive summary