The ISF’s Information Risk Assessment Methodology 2 (IRAM2) has been designed to help organisations better understand and manage their information risks. This new methodology provides risk practitioners with a complete end-to-end approach to performing business-focused information risk assessments.
As a fundamental information risk management technique, IRAM2 will help organisations to:
- Apply a simple, practical, yet rigorous approach: Focus on simplicity and practicality, while embedding rigour throughout the assessment process. This enables consistent results and a depth of analysis that enhances business decision-making.
- Speak a common language: Provide a common vocabulary and framework, enabling information risk practitioners and management to form a unified view of information risk across different areas of the business, and better integrate into enterprise risk management.
- Focus on the business perspective: Guide information risk practitioners’ analysis so that information risk is assessed from the perspective of the business. The end result is a risk profile that reflects a view of information risk in business terms.
- Obtain a greater coverage of risks: Enable a broader and more comprehensive risk coverage, thereby reducing the chance that a significant risk will be overlooked.
- Focus on the most significant risks: Allow key business and technology stakeholders to obtain a clear picture of where to focus resources, in order to deal with information risks that are most significant to the organisation.
- Engage with key stakeholders: Empower information risk practitioners to engage with key business, risk and technology stakeholders in an organised and enterprise-aware manner.
Organisations that are not ISF Members can purchase access to the ISF’s Risk Manager tool, which will help them to identify, analyse and manage information risk across their business.