Full title: Driving information risk out of the business.
Overview: This report quantifies the business risk of breakdowns in information security. It is based on the results of the ISF 1998 information security status survey – which led to a breakthrough in understanding why IT risk is so high. It describes what makes 'benchmark environments' differ from other environments and presents a model for driving down risks based on the security practices and procedures applied to benchmark environments. The experience of the off-shore oil industry is also featured. Guidance on how the model can be applied in is provided.
Published by: Information Security Forum (ISF)
Date published: April 1999
Status: Available to ISF Members.
Citicus role: A founder of Citicus carried out the research on which this report is based for and on behalf of the ISF, and was the principal author of the report.