A management diagnostic, designed to help information security leaders understand how to meet business requirements and manage a security function, has been produced by the Information Security Forum (ISF), www.securityforum.org.
Organisers say that the new Security Management Diagnostic represents a new way of bridging the divide between security and the business, based on the experiences of over 160 security professionals from some 100 ISF member organisations around the world.
By comparing information security and business perspectives, the diagnostic tool rapidly highlights areas of alignment and misalignment. The results also help to ‘sell’ security within an organisation at the highest level and provide a framework to discuss and review information security strategy, resources and performance.
Currently available only to ISF members, the Security Management Diagnostic is designed as an online questionnaire that creates a detailed profile of the information security function, focusing on areas such as service delivery, communications and performance measurement. The two-part diagnostic also examines the information security leader’s profile from both security and business perspectives, to understand their strengths and weaknesses and how they relate and communicate with the business.
"The diagnostic makes no judgement about how security is delivered," says Adrian Davis, Senior Research Consultant and project leader, "but rather focuses on how well security is meeting business requirements."
"If the business wants an information risk consultancy but the security function is delivering a technology-focused, checklist-based service, then there is a real problem. That’s what this diagnostic can assist in discovering and resolving," adds Davis.
The ISF Standard of Good Practice for Information Security 2007 has recently been published and is available free to non-members at