FIRM is a research-based methodology for measuring and managing information risk across enterprises of all types and sizes. It is published in two volumes. The first, illustrated on the left, describes the methodology and the reasoning behind it, and explains how to gain support for the approach and get it up and running.
The second presents definitions, case studies and worked examples of FIRM forms to help get a FIRM risk management process established.
Note: On publication, the ISF management team recognized that FIRM represented a fundamental breakthrough in managing information risk (hence its name) and opined that its development elevated the information security profession to a higher plane.
Since its publication, FIRM has been used to conduct many thousands of evaluations, and has proven highly effective. By virtue of Citicus directors' role in its development, Citicus Limited has an exclusive perpetual license to provide FIRM automation for sale to ISF members and more widely.