The ISF’s Information Risk Assessment Methodology 2 (IRAM2) has been designed to help organisations better understand and manage their information risks. This new methodology provides risk practitioners with a complete end-to-end approach to performing business-focused information risk assessments.

As a fundamental information risk management technique, IRAM2 will help organisations to:

  • Apply a simple, practical, yet rigorous approach: Focus on simplicity and practicality, while embedding rigour throughout the assessment process. This enables consistent results and a depth of analysis that enhances business decision-making.
  • Speak a common language: Provide a common vocabulary and framework, enabling information risk practitioners and management to form a unified view of information risk across different areas of the business, and better integrate into enterprise risk management.
  • Focus on the business perspective: Guide information risk practitioners’ analysis so that information risk is assessed from the perspective of the business. The end result is a risk profile that reflects a view of information risk in business terms.
  • Obtain a greater coverage of risks: Enable a broader and more comprehensive risk coverage, thereby reducing the chance that a significant risk will be overlooked.
  • Focus on the most significant risks: Allow key business and technology stakeholders to obtain a clear picture of where to focus resources, in order to deal with information risks that are most significant to the organisation.
  • Engage with key stakeholders: Empower information risk practitioners to engage with key business, risk and technology stakeholders in an organised and enterprise-aware manner.

IRAM2 is supported by four IRAM2 Assistants, each accompanied by a practitioner guide, that help automate one or more phases of the methodology.

Consultancy services from the ISF provide Members with the opportunity to purchase short-term, professional support activities to supplement the implementation of ISF products including IRAM2.

Executive Summary

Information Risk Assessment<br>Methodology 2 (IRAM2)

Please fill out the form below to download a complimentary Executive Summary.

Please provide your details to download this document:

The Information Security Forum (ISF) is a data controller for the personal data collected on this website.

For information on how we collect and use your personal data, please read our Privacy Notice.

Please read and agree with our Terms Of Use.

From time to time, the ISF would like to contact you regarding our latest products, services and events.

By ticking the relevant boxes below, please indicate your preferences on how you want to be contacted:

You can update your preferences at any time, or withdraw consent after submission by going to the ‘Already Registered’ tab.

Please enter the email address you previously registered with to access the download:

You have previously downloaded from our website. For more information on how we use your personal information, please see our Privacy Notice.

Please refamiliarise yourself with our Terms Of Use.

To update your preferences on how you would like to be contacted by the ISF, please indicate below:

To unsubscribe from all ISF communications. Click here: