. home.aspx



Security Should Be Business Focused, Says ISF

June 19, 2019 / Kacy Zurkus

A security assurance program that focuses on business needs can help organizations meet the needs of business stakeholders, according to a new report released by Information Security Forum (ISF). The report, Establishing a Business-Focused Security Assurance Program, offers organizations ways to establish a security assurance program that takes a business-focused approach by “identifying how to move from current to future approaches, introducing three fundamental elements that underpin successful business-focused security assurance and describing a repeatable process to provide security assurance.” Given that implementation of security assurance programs vary significantly among businesses, the report is an effort to formalize the structure through four strategic objectives:  Identifying the specific needs of different business stakeholders. Testing and verifying the effectiveness of controls, rather than focusing purely on whether the right ones are in place.