return to tools
Tool

Information Risk Assessment Methodology 2 (IRAM2)

riskransomwaretechnology
Array
Identify, assess and treat your information risk
Download the executive summary

IRAM2 is a unique methodology for assessing and treating information risk. It includes guidance for risk practitioners to implement the six-phase process, consisting of Scoping, Business Impact Assessment, Threat Profiling, Vulnerability Assessment, Risk Evaluation, and Risk Treatment.

As a fundamental information risk management technique, IRAM2 will help organisations to:

  • Apply a simple, practical, yet rigorous approach: Focus on simplicity and practicality, while embedding rigour throughout the assessment process. This enables consistent results and a depth of analysis that enhances business decision-making.
  • Speak a common language: Provide a common vocabulary and framework, enabling information risk practitioners and management to form a unified view of information risk across different areas of the business, and better integrate into enterprise risk management.
  • Focus on the business perspective: Guide information risk practitioners’ analysis so that information risk is assessed from the perspective of the business. The end result is a risk profile that reflects a view of information risk in business terms.
  • Obtain a greater coverage of risks: Enable a broader and more comprehensive risk coverage, thereby reducing the chance that a significant risk will be overlooked.
  • Focus on the most significant risks: Allow key business and technology stakeholders to obtain a clear picture of where to focus resources, in order to deal with information risks that are most significant to the organisation.
  • Engage with key stakeholders: Empower information risk practitioners to engage with key business, risk and technology stakeholders in an organised and enterprise-aware manner.

IRAM2 is supported by four IRAM2 Assistants, each accompanied by a practitioner guide, that help automate one or more phases of the methodology. Additionally, IRAM2 is supported by the IRAM2 WebApp, which is an online assessment tool for performing information risk assessments using the ISF IRAM2 information risk assessment methodology.

To find out more about an ISF Member that has benefitted from using IRAM2 click here.

Discover how the ISF can help your organisation

If you are not a Member of the ISF and are interested in finding out more about IRAM2 or ISF Membership, then please get in touch today.
Get in touch

Supporting content

Array
tool

ISF Aligned Tools Suite 2022

The ISF Aligned Tools Suite has been designed to help organisations maintain agility and confidence when meeting current challenges head on.

Read more on ISF Aligned Tools Suite 2022
Array
tool

The ISF Benchmark

The ISF Benchmark Executive Summary provides an easy to digest illustrative overview of how organisations can effectively use the ISF Benchmark to a...

Read more on The ISF Benchmark
Array
service

Risk Assessment and Review

Jump-start your organisation’s benefit from risk assessments to engage stakeholders and prioritise action effectively.

GET IN TOUCH on Risk Assessment and Review