The Information Security Forum (ISF), an independent, non-profit organization dedicated to identifying and benchmarking good practices in information security, is planning to spread its wings in India. ISF entered India three years ago, and presently has around 10 Indian companies as its members. "We would like to increase the proportion of Indian members within Information Security Forum, and grow our link with this subcontinent. We have appointed new sales agents here who would be dedicated to running the India chapter," Says Adrian Davis, senior research consultant at ISF.
The Information Security Forum has 300 blue-chip companies worldwide as its members—including Nokia,
JP Morgan, and HSBC. ISF plans to target organizations of similar caliber in India, including Indian multinationals, industrial conglomerates, IT companies, and government organizations. Explaining the reason behind Information Security Forum's increased focus on India, Davis says that the country is moving up the value chain, and has started using (as well as offering) IT and information security-based services. India is now home to many multinational companies which face the same problems as multinationals based in other countries; this will increase the need for unbiased resources on information security. "We want to understand the dynamics of information security in India—to learn how India is dealing with its typical information security issues, its different regulations, and share this knowledge with the rest of our global members," says Davis.
On being asked about having dedicated consultants who will research the Indian information security industry, Davis replies, "That probably won't happen in the near-term. However, a lot of intra-membership sharing is already taking place. What India is going through now Britain went through 10-15 years ago. There is rich experience available with our global members, and this can be tapped by Indian members using us as the catalyst."
In order to enable this goal, the Information Security Forum plans to organize regular regional meetings as well as awareness and training workshops for Indian members. "These workshops will partially be an information gathering exercise for us, so that we can understand the typical infosec issues of Indian enterprises, share them with our global members, and generate solutions using their experiences," says Davis.
The Information Security Forum provides two membership categories. According to Davis, full membership charges for the first year costs 27,000 pounds; this allows access to all the previous research—20 years' worth of work on information security—of the Information Security Forum. After the first year, the fee drops to 17,000 pounds a year; this gives all individual organizations access to several ISF resources such as workshops, tools and research papers. It also gives the organization the right to send two representatives to Information Security Forum's annual world congress. The second ISF membership category targets small and mid-sized organizations.
The Information Security Forum provides services in four different areas: research & reports, tools & methodologies, knowledge & information exchange, and the annual world congress. According to Davis, some of the ISF's tools and methodologies have become standard practices in the industry. For example, tools such as the Standard of Good Practice, Fundamental Information Risk Management, Security Healthcheck, Information Security Benchmark, and Information Risk Analysis Methodology, are extensively used by global banks as well as telecom, pharmaceutical and manufacturing companies.