New Information Security Forum Research Highlights Fundamentals of Engaged Reporting

Latest Report Reveals a Need for Chief Information Security Officers to be Ready to Answer Increasingly Tough Questions About Security Investment and Risk
By: Information Security Forum
 
NEW YORK - June 9, 2015 - PRLog -- The Information Security Forum (http://www.securityforum.org/) (ISF) today announced the launch of Engaged Reporting – Fact and Fortitude, the organization's latest report, which provides a four-phase, practical approach for creating key performance indicators (KPIs) and key risk indicators (KRIs) that support informed decision-making. Engaged Reporting offers businesses of all sizes the assurance that the Chief Information Security Officer (CISO) and the information security function are responding proactively to priorities and other needs of the business.

Organizations depend on reported information for fact-based assessments and decisions, and informed decisions are based on an accurate view of performance and risk. The ISF approach for Engaged Reporting encourages CISOs to forge a path to having the right conversations with the right people. It has been designed to be applied at all levels of an organization, and consists of four phases:

1. Establish relevance by engaging to understand the business context, identify common interests and develop combinations of KPIs and KRIs

2. Generate insights by engaging to produce, calibrate and interpret KPI/KRI combinations

3. Create impact by engaging to make recommendations relating to common interests and make decisions about next steps

4. Learn and improve by engaging to develop learning and improvement plans

Organizations are constantly changing, and strategic aims, business objectives and functional initiatives will change as a result. With this change, the measures used to monitor performance and risk will evolve and so will the reporting requirements. CISOs must engage persistently to uncover common ground and key business drivers – to stay aligned with the strategic priorities of the organization.

“Now that cyber security has the attention of the board, and information risk is on the agenda, CISOs are being asked increasingly tough questions about security investment and risk,” said Steve Durbin, Managing Director, ISF. “It has never been more important for CISOs to be ready to answer these questions and articulate how the information security function is contributing to strategic priorities while helping to balance information risk. Unfortunately, many are struggling to do so.”

Recent ISF research has found that many CISOs are reporting the wrong KPIs and KRIs. In addition, they have little or no interaction with the audiences to whom they are reporting. They are guessing at what their audiences need and are missing the mark when attempting to provide ongoing management reporting on topics including information security effectiveness, organizational risk and information security arrangements. Engaged Reporting provides a way for CISOs to succeed by engaging with audiences to identify common interests, determine relevant data, generate reliable insights and create impact supported by the right KPIs and KRIs. This supports informed decision-making.

“Engagement builds relationships and improves understanding, allowing the CISO to better respond to the needs of the organization. It also helps the CISO stay close to the core business and can open doors that will give the CISO influence beyond reporting,” continued Durbin. “Our latest report provides guidance and mechanisms that will help CISOs, and their teams, turn technical security metrics into reporting that is aligned to the strategic aims and goals of the organization by virtue of meaningful conversations.”

Engaged Reporting provides a practical way of engaging with leaders in the organization to identify common interests and produce insights that are relevant. It is intended for use by CISOs and other information security professionals who collaborate to produce management reports to support informed decision-making. For more information, please visit the ISF website (http://www.securityforum.org/).

About the Information Security Forum

Founded in 1989, the Information Security Forum (ISF) is an independent, not-for-profit association of leading organizations from around the world. It is dedicated to investigating, clarifying and resolving key issues in cyber, information security and risk management and developing best practice methodologies, processes and solutions that meet the business needs of its Members.

ISF Members benefit from harnessing and sharing in-depth knowledge and practical experience drawn from within their organizations and developed through an extensive research and work program. The ISF provides a confidential forum and framework, which ensures that Members adopt leading-edge information security strategies and solutions. And by working together, Members avoid the major expenditure required to reach the same goals on their own.

Further information about ISF research and membership is available from www.securityforum.org.

Contact
John Kreuzer
***@gutenbergpr.com
End
Source: Information Security Forum
Tags: Information Security, Cyber Security, Risk Management, Security, Data Breach
Industry: Research, Security
Location: New York City - New York - United States
Subject: Reports