New ISF report shows how governance can help information security align with overall corporate strategy and stakeholder value

Friday 21 October 2011

Media contact: Amanda Hassall, Director Six Degrees, 01628 480280/07855 359889 firstname.lastname@example.org @mandyhassall

A new report from independent information security body, the Information Security Forum <http://www.securityforum.org> (ISF), provides organisations with a clear picture of how better governance can help the information security function raise its game within the business. Titled ‘Information Security Governance – raising the game’, the report outlines how adopting a governance-style approach can lift security out of its technical ‘comfort zone’ and into a wider business context.

The ISF argues that while corporate governance is well-known and common practice, even obligatory, within the corporate environment, governance itself is not always present in information security – a critical part of any business. However, when the security function does adopt governance, it leads to better engagement with senior executives and other corporate governance functions, helping to foster better understanding, minimise risk and limit reputational damage.

The report’s author and ISF Principal Analyst, Adrian Davis, comments: “Corporate information is becoming much more complex because the technologies and processes to manage it are becoming more complex. At the same time, information is much more susceptible to attack or abuse, as we’ve witnessed many times this year already.
This new report shows how information security governance can become an integral part of corporate governance, demonstrating to a company’s stakeholders – customers, partners, shareholders and regulators – that corporate data is being protected according to industry best practice.”

As with each new ISF report, ‘Information Security Governance – raising the game’ offers practical step-by-step guidance for businesses via a comprehensive security governance framework, developed using ISF Member experience, analysis, research, tools and workshops. This framework enables Members to demonstrate how information security can:

· Deliver value to stakeholders: Improve effectiveness and efficiency; meet stakeholder requirements; enable business initiatives; and integrate with enterprise processes
· Achieve strategic goals: Execute strategic objectives; set and refine information risk appetite; sustain buy-in and commitment; and maintain security requirements
· Provide information risk assurance: Oversee assurance programme; implement risk assessment; ensure compliance; manage supply chain risk; and monitor and report on assurance.

“As information security governance is an emerging concept and yet to be fully realised and understood by many organisations, this report is unique in providing practical hands-on guidance,” adds Adrian Davis. “It outlines the key components you need to have in place for effective information security governance, pointers to additional ISF materials and information to help determine if your current governance framework measures up, and most important, tools to check its levels of maturity.”

An executive summary of the ‘Information Security Governance – raising the game’ report is available from the ISF website at: https://www.securityforum.org/?page=publicdownloadisg.

The report also points to the new version of the ISF’s Standard of Good Practice (SoGP) launched in September 2011 and the ISO/IEC 27014 standard to help in the development of information security governance.

Ends

About the ISF

Founded in 1989, the Information Security Forum is an independent, not-for-profit association of leading organisations from around the world. It is dedicated to investigating, clarifying and resolving key issues in information security and developing best practice methodologies, processes and solutions that meet the business needs of its Members.

ISF Members benefit from harnessing and sharing in-depth knowledge and practical experience drawn from within their organisations and developed through an extensive research and work program. The ISF provides a confidential forum and framework, which ensures that Members adopt leading-edge information security strategies and solutions. And by working together, Members avoid the major expenditure required to reach the same goals on their own.

Further information about ISF research and membership is available from www.securityforum.org.

This press release was distributed by ResponseSource Press Release Wire on behalf of Six Degrees Limited in the following categories: Business & Finance, Computing & Telecoms, for more information visit https://pressreleasewire.responsesource.com/about.