Establishing A Business-Focused Security Assurance Programme: Confidence In Controls

How secure is your organisation’s information? At any given moment, can a security leader look an executive in the eye and tell them how well business processes, projects and supporting assets are protected?

The full Establishing A Business-Focused Security Assurance Programme: Confidence In Controls report provides guidance on how to develop a security assurance programme that builds on compliance-based approaches to truly focus on the needs of the business. It outlines the need for change towards a business-focused approach and introduces three fundamental elements that underpin successful business-focused security assurance.

The ISF approach set out in this report helps to:

  • identify the exact requirements business stakeholders have when discussing security assurance
  • break down these requirements into manageable tasks
  • determine which type of testing and data collection can help to provide security assurance
  • apply a repeatable security assurance process across multiple target environments (i.e. business processes, projects and supporting assets, in specific business units and regions or across the organisation)
  • choose relevant metrics and key indicators to measure and report on security performance