
ISM Community Top Ten

Downloads: 3,254 File Size: 654.7kB
Posted By: mcurphey Views: 2,930
Date Added: 06-27-2007

The ISM Community Top Ten is an awareness document that describes a series of key issues that organizations should immediately understand. The importance of corporate Governance, Risk and Compliance (GRC) is driving business decisions and corporate strategies in the information age. Many organizations’ GRC strategies don’t include information security management as a foundational component, and in those that do, it is often incomplete. We believe this to be a significant oversight. Information security is necessary to manage security risks and should be an essential component of any GRC strategy supporting modern business.

This Top Ten list describes key concepts that should be part of any effective information security program. Organizations can quickly compare their current information security program against this Top Ten list and determine whether they need to improve. This document does not attempt to address every issue, nor does it provide a blueprint for addressing corporate information security as a whole. It does, however, provide a collective list of the ten things we believe companies should be doing. The list also provides high-level guidance from many of the most experienced CSOs and security experts in the industry, with “tips and tricks from the field”. It is written from real-world experience: it is not a thinly disguised product marketing paper and does not gloss over these important issues.

We urge all companies to examine their own corporate practice and strategy against the ISM Community Top Ten and take action accordingly.

Tim Smith, Director, Bridge Point Communications (main author) and The ISM-Community Team

All Rights Reserved - The ISM-Community