Information security framework

Build the foundation for an effective, enterprisewide security program by assessing and enhancing your security capabilities.

The IBM Information Security Framework is a product offering within the Security Governance, Risk Management and Compliance (GRC) portfolio. It is considered a lightweight version of the ISO 27002 security controls framework. It's a collection of security controls grouped into broad categories similar to the categories of ISO 27002.

A faster and more comprehensive approach to enterprise security

Build the foundation for an effective, enterprisewide security program by assessing and enhancing your security capabilities.

Highlights

Service detail

Establish a comprehensive approach to security based on best practices.

The IBM Information Security Framework is designed to provide a methodical and efficient approach to your security program - an approach that can help reduce the time, cost and resources needed to plan and deploy your strategy. By addressing key security themes across your enterprise, the framework can help you establish a view of your entire security landscape, identify potential capability gaps and prioritize initiatives for improvement. The offering includes the following:

Related resources

Find studies, papers and briefs on this topic

NOTE: JavaScript is disabled in your browser. SSI information is only available when JavaScript is enabled.