An innovative management diagnostic, designed to assist information
security leaders in understanding how to meet business requirements and
manage a security function, has been produced by the Information
Security Forum (ISF). The new Security Management Diagnostic represents a
new way of bridging the security and business divide, based on the
experiences of over 160 senior security professionals from some 100
major ISF Member organisations from around the world.
By accurately comparing information security and business
perspectives, the diagnostic tool rapidly highlights areas of alignment
and misalignment. The results also help to 'sell' security
within an organisation at the highest level and provide a framework to
discuss and review information security strategy, resources and
performance.
Currently only available to ISF Members, the Security Management
Diagnostic is designed as a simple, easy-to-complete online
questionnaire to create a detailed profile of the information security
function, focusing on areas such as service delivery, communications and
performance measurement. The two-part diagnostic also examines the
information security leader's profile from both security and
business perspectives, to understand their strengths and weaknesses and
how they relate to and communicate with the business.
"The diagnostic makes no judgement about how security is
delivered," says Adrian Davis, Senior Research Consultant and
project leader, "but rather focuses on how well security is meeting
business requirements."
"If the business wants an information risk consultancy but the
security function is delivering a technology-focused, checklist-based
service, then there is a real problem. That's what this diagnostic
can assist in discovering and resolving," adds Davis.
The Information Security Forum is a not-for-profit international
association of over 300 leading organisations, which fund and co-operate
in the development of practical, business-driven solutions to
information security and risk management problems. The ISF undertakes a
leading-edge research programme and has invested more than US$100
million to create a library of over 200 authoritative reports along with
information risk methodologies and tools that are available free of
charge to ISF Members.
In addition, the ISF Standard of Good Practice for Information
Security 2007 has recently been published and is available free to
non-members at www.isfstandard.com.
COPYRIGHT 2007 A.P. Publications
Ltd. Reproduced with permission of the copyright holder. Further reproduction or distribution is prohibited without permission.