Why Integrated Risk Management is Intelligent Risk Management? 

By 2021, Gartner projects that 50 percent of enterprise risk management strategies within large organizations will involve an IRM solution, and that the market will reach $8 billion annually. So what are the benefits of IRM?


Risk Management: Tips for Buyers 

With so many different solutions in the market, finding the right one can be challenge. Read this blog to find out what you need to consider when evaluating different risk management solutions.

Risk Management: The 4 Keys to Building a Resilient Business 

Our experience says there are 4 keys to building a holistic risk management strategy aimed at creating a resilient business. Read this blog to find out what you need to consider.


​Integrated Risk Management: Addressing Tomorrow's GRC Challenges Today 

If GRC isn’t enough, what is needed to address modern risk and compliance challenges? Read this blog to learn more.

Can GRC keep up? Risk and Compliance in the Digital Era 

You wouldn’t try to do bookkeeping in a journal anymore, so why would you try to manage risk and compliance on a spreadsheet? Like everything else in the digital era, GRC must adapt - read this blog to find out why and how.


Cyber Risk: A CIO Perspective on Digital Transformation 

Digital cyber risk in an increasingly digital landscape is a topic everyone should be intimate with, so how can CIOs lead digital transformation strategies while considering and demonstrating the value of digital risk management? Read our guest blog by leading CIO, Philip Clayson.


Quantifying your Cyber Risk: Measuring What Matters

The current pandemic has heightened focus on cybersecurity as workers shift to remote and disparate working environments creating new opportunities for malicious actors and increasing the likelihood of a cyber breach. Read this blog to find out how you can use cyber intelligence to protect your business.

Cyber Risk Trends that will dominate in 2020

As we embark on a new year and new decade, it is important that we reflect on the lessons of 2019 to drive our future strategies. Read this blog to see some of the trends and tips we've identified for managing cyber risks over the coming year. 


Automate BCM to increase business resilience

Read this whitepaper to find out how you can use STREAM to automate different elements of the BCM process.

Can risk management help you avoid sending an IOU to the ICO?

Read this blog to find out how robust privacy and cyber risk management can help you demonstrate GDPR compliance.

Why should CISOs be quantifying cyber risk?

Cyber security has become a boardroom issue and so there is an increasing need for cyber risk to be measured and reported in financial terms. Read this blog for more details.

Three ways to attain value from cyber risk management in 2019

This blog outlines three ways which will allow you to attain the most value from your cyber risk management processes over the next year.

As GDPR starts to bite, make sure that your risk management is in order

This white paper highlights the importance of demonstrating a diligent risk-based approach to handling of personal data.


A Risk-based Approach to Cyber Security

This white paper describes how you can implement, and show evidence of a risk-based approach to cyber security. Regulations such as EU GDPR, and standards such as ISO 27001 require a risk-based approach to cyber security but this can often be a challenge for organisations so Simon Marvell identifies 7 requirements for a risk-based approach to cyber security.

Want to know more? Register here to watch our 'Risk-based Approach to Cyber Security' webinar on-demand. 


The Real and Present Threat of a Cyber Breach Demands real-time Risk Management

This paper argues that due to the high level of threat there is an urgent need for organizations to truly understand their cyber security risk status so that, where necessary they can take urgent remedial actions to rectify weaknesses.   If there isn’t sufficient visibility of cyber security risk status, organizations won’t be able to manage cyber security risks and they will almost certainly suffer a breach.

Simon Marvell shows how to model cyber security threats and controls, measure risk status and react to change with examples using publically available expert content, such as the annual Verizon Data Breach Investigations reports and the SANS Top 20 Critical Security Controls for Cyber Defense.


We need to move on from Spreadsheets for Compliance and Risk Management

An article by Simon Marvell, describing why spreadsheets have been so popular with compliance and risk management along with the problems. Explaining the benefits of new alternative approaches to the issue.

A Blueprint for an Enterprise Information Security Assurance System

This paper describes a blueprint for Enterprise Information Security Assurance Systems (ISO 27001) but the principles are applicable to any management system solution, including Quality Management Systems (ISO 9000 series), Environmental Management Systems (ISO 14000 series), Occupational Health & Safety Systems (ISO 18000 series) and Business Continuity Management Systems (BS 25999 series). 

Risk Management need to start giving Executives what they want

This paper argues that the risk management industry is currently failing business managers because it is not giving them the information that they need to manage risk effectively. The vast majority of avoidable business disasters or failures occur because those executives with the power to take action to avoid or mitigate the risks aren’t aware of the true risks. The paper goes on to describe a new risk management framework for giving executives the information that they need, based around the three key attributes of: valuable information; ease of use; and, flexibility. Giving Executives the information that they really need.  To view the paper please select the link below.

Complete Information Risk Management Solution

IRAM is a business-led information risk analysis methodology used widely by ISF members.  IRAM provides tools for business impact assessment, threat and vulnerability assessment and control selection.  However, it is not an integrated web-based solution and does not provide tools for on-going monitoring and reporting of risk status or workflow for managing the treatment of unacceptable risks.  This paper describes how IRAM can be used easily with Acuity’s STREAM GRC software to provide a complete information risk management solution for ISF members.

Onsite or web training needed?

Please contact us to discuss your requirements.