- Who is ISAF UK? ANSWER: The Information Security Awareness Forum (ISAF) draws its membership from the most influential groups and industry bodies in the UK with an interest in raising awareness of the need for information security.
We have addressed the importance of risk management before. Since the current financial crisis, all of us have become aware (if we were not before, that is) that risk assessment and risk management matter a great deal.
Moreover, corporate governance requires adequate risk management (e.g., Sarbanes-Oxley) that must go beyond financial risk management. Here, assessing and managing information risks is a critical activity.
Risk-related regulations require that:
1) the board must understand what measures were taken to manage risks (e.g., financial and informational risks),
2) the board must be satisfied, and confirm that it is satisfied, that these measures suffice (e.g., Sarbanes-Oxley).
We have discussed this here:
risk assessment & security metrics
Now we have been informed that the ISAF – UK has published several directors’ guides regarding risk assessment and risk management. Three guides together make up the Directors’ Guides for Managing Information Security Risk. Download them here for free:
Also of interest:
InfoSec – follow us on Twitter
Sign up to our alerts about zero-day exploits and newsletters here
What is Twitter good for
Bottom Line
If you are a member of the board of directors of a company, check out the above guides and get a better handle on the issues you must manage to stay compliant. It is worth the trouble. If you are on Twitter, sign up to our feeds above.
