Research
Cyber Awareness: Kickstart your security culture
Trusted insights in an easy-to-share format designed to accelerate CISOs and their team's ability to build a resilient security culture.
Download now
ISF: Your first line of defence in safeguarding your organisation
A resource centre with digital and downloadable resources dedicated to supporting your organisation in its journey to become resilient by design.
Read more
ISF: Your first line of defence in supplier security risk management
A lot of organisations have outsourced to a third party and so they feel as…
Read more
ISF: Your first line of defence in incident response management
A dedicated resource centre showcasing ISF resources to support organisations in preparing for and recovering from business disruption events.
Read more
ICS Insights:
Challenging Manufacturers
Has your organisation considered the viable actions to reduce the risks posed if manufacturers are not carefully assessed and managed?
Read more
Embedding Security into Agile Development: Ten principles for rapid improvement
Agile software development methods are proving a better match for today's demanding business environments than…
Read more
Threat Horizon 2025: Scenarios for an uncertain future
Examine multiple contextual scenarios to help set strategies, prepare for potential threats and explore opportunities that lie ahead.
Read more
ISF Resources to Establish Confidence In Your Cyber Resilience
Demonstrate that the appropriate measures are being implemented to embed cyber resilience best practice with key ISF resources.
Resource Hub
Threat Intelligence:
React and prepare
Get to the core of what threat intelligence is and demonstrate the value it can provide if effectively managed.
Read more
ICS Insights:
Organic convergence
Has your organisation considered the complexity of environments within its ICS security controls?
Read more
Threat Horizon 2024: The disintegration of trust
Should organisations attempt to rebuild trust, or accept that it has disintegrated and adapt accordingly?
Read more
Cybersecurity Solutions for a Riskier World
A ThoughtLab study providing evidence-based insights into the most effective cybersecurity practices and investments.
Read more
Information Security in Mergers and Acquisitions
This excerpt from the full ISF briefing paper introduces a typical four-step process and helps promote the value of security in M&A activity.
Read more
Managing Cyber Threats During Periods of Instability
Seven Proactive Steps Towards Stabilisation
Read more
Demystifying Zero Trust
Zero trust continues to cause confusion across industries. Many vendors sell it as an off-the-shelf solution, but in reality, its successful implementation requires organisations to embark on a larger change programme.
Read more
Review and Gap Analysis of Cybersecurity Legislation and Cybercriminality Policies in Eight Countries
The ISF, in conjunction with CC-DRIVER, have released a report detailing new methods to prevent, investigate and mitigate cybercrime.
Read more
Legal and Regulatory Implications for Information Security: People's Republic of China
Read the latest ISF research on how the Personal Information Protection Law (PIPL) will affect organisations how CII operators must follow and report on data protection and security procedures.
Read more
Understanding the ransomware menace
The average cost to recover from a ransomware attack is $1.85 million. No sector is…
Download Now
Cyber Insurance: Is it worth the risk?
The cyber insurance market has sustainably grown in its relatively short history, but also displayed a volatility.
Read more
Extinction Level Attacks: A survival guide
A detailed, pragmatic approach that aids organisations in being better prepared and ultimately surviving an extinction-level attack
Resource Hub
Threat Horizon 2023: Security at a tipping point
Aimed at CISOs, senior leaders and risk executives, the Threat Horizon 2023 identifies nine future threats to information security grouped within three key theme
Download now
Human-Centred Security: Positively influencing security behaviour
Understand the key factors that influence behaviour, and learn how to deliver impactful security education, training and awareness.
Read more
Remote Working and Cyber Risk
As businesses emerge into the new world, beyond their response to the pandemic, we’re likely…
Read more
How the ISF Supports You in Securing European Railway Infrastructure
The ISF is committed to continually support businesses to stay cyber resilient and the railway sector is no exception. From our human-centred security research series, to our supply chain suite, we have something to support your needs as an organisation.
Read more
Continuous Supply Chain Assurance: Monitoring supplier security
Suppliers help to keep operations moving for all organisations, but this also brings information risk that you must keep a watchful eye on.
Read more
Becoming a next-generation CISO
As organisations undergo digital transformation to make themselves more responsive, CISOs are coming under pressure to help these far-reaching changes succeed.
Read more
Using Cloud Services Securely: Harnessing Core Controls
Cloud computing has evolved at an incredible speed and, in many organisations, has become entwined with the complex technological landscape that supports critical daily operations.
Read more
Securing Mobile Apps: Embracing mobile, balancing control
The availability of mobile apps and mobile devices presents organisation with a conundrum. On the…
Read more
Delivering an Effective Cyber Security Exercise
Performing cyber security exercises can help organisations improve their ability to detect, investigate and respond to cyber attacks in a timely and effective manner.
Read more
Threat Horizon 2021: The digital illusion shatters – Full report now available to download
The world is now heavily digitised. Technology enables innovative digital business models and society is…
Read more
Building A Successful SOC: Detect Earlier, Respond Faster
Building a successful Security Operations Centre (SOC) can greatly enhance the ability to detect and disrupt cyber attacks, protecting the business from harm.
Read more
Protecting the Crown Jewels: How to Secure Mission-Critical Assets
Mission-critical information assets – an organisation’s “crown jewels” – are information assets of greatest value and would cause major business impact if compromised.
Read more
Engaged Reporting: Fact and fortitude
Now that cyber security has the attention of the board and information risk is on the agenda, CISOs are being asked increasingly tough questions about security investment and risk.
Read more
Engaging with The Board: Balancing cyber risk and reward
When boards and CISOs engage successfully, organisations are better able to take advantage of the…
Read more
Establishing A Business-Focused Security Assurance Programme: Confidence In Controls
How secure is your organisation’s information? At any given moment, can a security leader look an executive in the eye and tell them how well business processes, projects and supporting assets are protected?
Read more
Building Tomorrow’s Security Workforce
Business and security leaders today must actively work to build and sustain a robust security workforce, as shortfalls in skills and capability to manage risk can manifest as major security incidents that damage organisational performance, reputation and image.
Read more