The ISF’s Information Risk Assessment Methodology 2 (IRAM2) has been designed to help organisations better understand and manage their information risks. This new methodology provides risk practitioners with a complete end-to-end approach to performing business-focused information risk assessments.

As a fundamental information risk management technique, IRAM2 will help organisations to:

  • Apply a simple, practical, yet rigorous approach: Focus on simplicity and practicality, while embedding rigour throughout the assessment process. This enables consistent results and a depth of analysis that enhances business decision-making.
  • Speak a common language: Provide a common vocabulary and framework, enabling information risk practitioners and management to form a unified view of information risk across different areas of the business, and better integrate into enterprise risk management.
  • Focus on the business perspective: Guide information risk practitioners’ analysis so that information risk is assessed from the perspective of the business. The end result is a risk profile that reflects a view of information risk in business terms.
  • Obtain a greater coverage of risks: Enable a broader and more comprehensive risk coverage, thereby reducing the chance that a significant risk will be overlooked.
  • Focus on the most significant risks: Allow key business and technology stakeholders to obtain a clear picture of where to focus resources, in order to deal with information risks that are most significant to the organisation.
  • Engage with key stakeholders: Empower information risk practitioners to engage with key business, risk and technology stakeholders in an organised and enterprise-aware manner.

IRAM2 is supported by four IRAM2 Assistants, each accompanied by a practitioner guide, that help automate one or more phases of the methodology.

Consultancy services from the ISF provide Members with the opportunity to purchase short-term, professional support activities to supplement the implementation of ISF products including IRAM2.

Executive Summary

Information Risk Assessment<br>Methodology 2 (IRAM2)

Please fill out the form below to download a complimentary Executive Summary.