The INFORM Program
The INFORM (INFO
rmation assurance R
odel) Program is a set of vendor neutral tools designed to help you better understand your organization's IT Risk, and target cost-effective ways to strengthen its management. INFORM delivers peer benchmarking information measured against industry standards within a set of 18 generic control areas, and provides realistic decision support to improve your organization's IT risk management programs.
Managing IT risk is critical to your organization's success and can be challenging without the proper tools. The INFORM Program provides a set of applications to demystify the path to IT security. INFORM will help you determine your organization’s optimal spending level, and in what areas your investment will be most effective.
The INFORM program includes the following applications:
- INFORM Benchmark Survey: Analyze how your organization views and manages IT risk. Get an individualized peer benchmark report that compares your organization to others in your industry.
- INFORM Express: Quickly see your organization's IT risk in relation to its business drivers and processes. Within the INFORM program, this is the fastest way to create a solution roadmap that can help improve your organization's IT security. It is prioritized by industry benchmark data and customer input, directional information on IT Security, Compliance and Business Process Risks, and a guide to standards-based control frameworks (ISO 17799 and ITIL).
Web-enabled consultative applications that can generate a detailed scenario for your organization's IT Risk Management planning:
- INFORM 3.0 for Security: Details your organization's security risk exposure in relation to its business value and compares your organization's current IT risk management against good practice advice drawn from ISO 17799.
- INFORM 3.0 for Operational Efficiency: Delivers in-depth information about your organization's business drivers and the IT operational efficiency of the services used for their support. Your organization's current operational effectiveness is compared against good practice advice drawn from ITIL.
- INFORM 3.0 Federal: Applies to organizations in the public sector and subject to the United States Federal Information Security Management Act (FISMA). Included is detailed information about information security risk exposure in relation to your entire organization, or to a critical asset. The report also compares your organization's current management of its risk exposure against FISMA controls.