Embed Size (px)
Citation preview
ISF UK Chapter
David Moloney, UK Chapter AgentCarole Embling, Senior Information Security Advisor, Prudential
Marco Kapp, Founder of ISFSteve Thorne, Head of Quality, ISF Global Team
ISF Past
Information Security Forum 2
GENESIS OF THE ISFMarco Kapp, Director, Citicus Limited
Information Security Forum 3
What led to formation of the ISF?• Necessity:
– C&L's business strategy being to beef up its IT consulting business
• Opportunity:– VP of Technology & Communications Services at
major bank remarking "security is my biggest concern"
– Security natural fit with audit– Rod Perry, C&L's head of Computer Audit,
circulated an invitation to tender from European Commission for a study into network security
1986
Society is growing ever more dependent on IT ... but IT is
not dependable.
C&L has the depth and breadth of skills and standing
to make a big difference
Information Security Forum 4
C&L's 1986-88 European Security Study18 SponsorsEuropean Commission (DG XIII)
21 Case Study organisations
5 C&L FirmsLed by C&L UKC&L ItalyCL& FranceC&L GermanyC&L Netherlands
External panel
Phase I: Develop case study methodology
Phase II: Do 21 case studies
Phase III: Consolidate case study results and
identify key issues
Phase IV: Research key issues and assess
solutions
Phase V: Report on findings
Study process
Confidential to ISF members
Confidential to ISF members
Information Security Forum 5
Results of the 1986-88 European Security Study
Key finding: The 'saw tooth effect'
Report 1: Issues for managementReport 2: Consolidated case study findingsReport 3: Practical guidelinesReport 4: Major issues and assessment of solutionsReport 5: Summary and recommendations
Cont
rol a
reas
Status
Case study 1
Cont
rol a
reas
Status
Case study 10
Cont
rol a
reas
Status
Case study 21
Means collaboration is worthwhile for all ... resulting in pressure to be kept together
Core team
Results
Information Security Forum 6
Confidential to ISF members
From European Security Study to European Security Forum (ESF)In 1988-9, Alan Stanley and I put together a prospectus for a C&L initiative called The European Security Forum and with Rod Perry's help got commitments to participate from:• 13 C&L firms across Europe• 28 founder Members
Founder members
Our aim was to grow the ESF to 50 Members. In the event, membership grew to 68 by the end of its first year.
Information Security Forum 7
The European Security Forum's first year
Council
Forum Director
Core team
Project teams
Security status survey
Business risk
analysis
Baseline controls
Best practice
State-of-the art review
Commercial needs
Future watch
Annual congress
The 1990 inaugural Congress was in Copenhagen ... and was enjoyed by all!
The ESF's launch prospectus
Chaired by Rod Perry
Directed by Marco Kapp
Run by Alan Stanley
Provided by participating C&L firms
Information Security Forum 8
So what did we achieve in our early years?
• Membership organisation established capable of collaborative, focussed international research on one of the world's most important topics
• A quality ethos built into everything that Forum does• A quantitative foundation for projects through the security status survey• Produced great reports• Influenced regulation of information security through membership of
1991 OECD Expert group on computer security • Privilege and pleasure of having worked with some of the most talented
people and many of the finest companies in the world
