The Information Security Forum (ISF) has debuted Protecting the Crown Jewels, a structured, methodical process for determining the approaches required to protect mission-critical information assets.
In tandem, the ISF is launching its global ISF Consultancy Services, which offers short-term, professional counsel to support the implementation of ISF resources and products.
Conventional approaches to deploying security controls seldom provide appropriate or sufficient protection for mission-critical information assets, the ISF noted. Protecting the Crown Jewels uses the ISF Protection Process, a four-step best-practice methodology. First, organizations should identify mission-critical information assets, based on value and risk to the organization and the potential business impact if compromised. Second, they should assess the adversarial threats to these assets, such as a competitor stealing trade secrets or an extremist group launching a serious cyberattack. Third, they should determine the most appropriate approaches to protection. Finally, they should implement approaches that will deliver comprehensive, balanced and end-to-end protection.
“Businesses must prioritize the protection of mission-critical information assets. Far too often, organizations consider the value of these assets, but fail to recognize the extent to which they are exposed to global security threats,” said Steve Durbin, managing director, ISF. “Organizations that recognize both the value of, and the risks to, these assets will be best positioned to take advantage of the comprehensive, balanced, end-to-end protection that the ISF Protection Process delivers.”
The ISF Protection Process can be used in isolation or embedded into the broader protection capability of an organization. This capability consists of a range of different supporting elements, typically comprising: governance, risk management and compliance (GRC); people; technology; and security assurance.
Durbin added, “Businesses should give careful consideration to all of the ISF resources in the Protecting the Crown Jewels series, including the ISF Standard of Good Practice for Information Security, Benchmark and IRAM2: The next generation of assessing information risk.”
Meanwhile, the ISF Consultancy Services provide independent and objective guidance, support and training for information security professionals to build and embed cyber resilience in their organizational structure, planning processes, information risk management and information security initiatives. They also include customized professional support and training.
“While ISF membership remains the foundation of our business, consultancy is a logical development of the services we provide and reflects the growing need for our members to address issues in cybersecurity in an agile, fast response manner,” Durbin said. “ISF consultants can assist with this by making use of proprietary ISF tools and methodologies which have been developed in association with members and in response to the needs of the world’s leading organizations. Organizations around the world trust the ISF to deliver in-depth knowledge, best practices and solutions that work, and with the introduction of ISF Consultancy Services, we will better help them to embed consistent, capable, objective information risk best practices across their entire business.”