The IBM Information Security Framework is a product offering within the Security Governance, Risk Management and Compliance (GRC) portfolio. It is considered a lightweight version of the ISO 27002 security controls framework. It's a collection of security controls grouped into broad categories similar to the categories of ISO 27002.
A faster and more comprehensive approach to enterprise security
Build the foundation for an effective, enterprisewide security program by assessing and enhancing your security capabilities.
Highlights
- Provides repeatable, measurable planning processes and a roadmap to help you manage security in a way that supports competitiveness and growth
- Helps to identify gaps in your existing capabilities
- Helps you reach a desired security posture that meets business requirements
- Helps you prioritize security initiatives and determine how to invest for optimal return
- Simplifies and speeds the planning and execution of an enterprisewide security program
Service detail
Establish a comprehensive approach to security based on best practices.
The IBM Information Security Framework is designed to provide a methodical and efficient approach to your security program - an approach that can help reduce the time, cost and resources needed to plan and deploy your strategy. By addressing key security themes across your enterprise, the framework can help you establish a view of your entire security landscape, identify potential capability gaps and prioritize initiatives for improvement. The offering includes the following:
- An information security capability reference model - the foundation for your security program, designed to address governance, privacy, threat mitigation, transaction and data integrity, application security, identity and access management, physical security and personnel security
- A maturity model - a comprehensive set of best practices against which you can measure your company's security capabilities
- An assessment tool - a consistent way to measure your security posture, assess business risk associated with each capability and generate action plans to improve
- A workshop - a one-time, one-day training session with IBM to help ensure that you get the most out of the Information Security Framework and understand how to use it effectively as a powerful planning tool for your organization