The IBM Information Security Framework is a product offering within the Security Governance, Risk Management and Compliance (GRC) portfolio. It is considered a lightweight version of the ISO 27002 security controls framework. It's a collection of security controls grouped into broad categories similar to the categories of ISO 27002.
A faster and more comprehensive approach to enterprise security
Build the foundation for an effective, enterprisewide security program by assessing and enhancing your security capabilities.
Establish a comprehensive approach to security based on best practices.
The IBM Information Security Framework is designed to provide a methodical and efficient approach to your security program - an approach that can help reduce the time, cost and resources needed to plan and deploy your strategy. By addressing key security themes across your enterprise, the framework can help you establish a view of your entire security landscape, identify potential capability gaps and prioritize initiatives for improvement. The offering includes the following: