Contents of this appendix
This appendix contains details of further sources of information about information risk management that the ISF has produced.
Work group material Minutes, briefing packs and additional background material relating to this report can be found in the IRAM project area on the ISF’s Member Exchange (MX 2 ) System.
ISF reports Gaining management support for information risk analysis (2004)
Information Security Status Survey 2003: Consolidated Reports (2004)
Understanding and using the ISF’s information risk management tools(2003)
Requirements for improving information risk analysis(2003) The Standard of Good Practice for Information Security (2003) Fundamental Information Risk Management (FIRM):
Implementation Guide (2000)
Fundamental Information Risk Management (FIRM):
Supporting Material (2000) SPRINT: User Guide(1997)
SPRINT: Directory of Controls(1997)
SARA – Simple to apply risk analysis for information systems (1993)
Implementation Guide: How to build Security into your information systems (1993)
Business Risk Analysis: How to establish a satisfactory IT risk analysis process(1990)
Acknowledgements
The Information Security Forum acknowledges the positive contribution to this project by the following individuals:
Work Group
Jesper Hauge Nissen A P Møller Kenneth Silsbee Boeing
Marguerite Talary Abbey National Curtis Ames Boeing
Joop A Zomer ABN-AMRO Bank Kit Bender Boeing
Johan Opperman ABSA Bank Martin Taylor British Airways
George de Beer ABSA Bank Jill Trebilcock British Broadcasting Corporation
Dieter Teichert ABSA Bank Angus Pinkerton British Energy
Thon de Blok Akzo Nobel AUD Matthew Smith BSkyB
Prakash Rao Alcon Laboratories Andy Waddell BSkyB
Michael Bownes Allen & Overy Sanjay Patel BSkyB
John Pendleton Alliance & Leicester Thomas Haeberlen Bundesamt für Sicherheit in der
George Hazell Alliance & Leicester Informationstechnik
Sagaran Naidoo Anglo American Martina Rohde Bundesamt für Sicherheit in der
Len Hendry Anglo American Informationstechnik
Franzo Cirinna Anglo American David Grant Cadbury Schweppes
Andre Botha Anglo American Paul Sherry Cadbury Schweppes
Paul Raubenheimer Anglo American Hong Kong Tey Caltex International Pte
Henry Chai ANZ Alan Speed Centrica
Anita Lussetti ANZ David Austin Centrica
Petra Claessens ANZ Harvey Roth ChevronTexaco
Wendy Kachelhoffer arivia.kom Brian Peterson ChevronTexaco
Andre Noack arivia.kom Satya Vithala Citigroup
Oscar Stark arivia.kom Gerald Mucklow Clariant International
Geoff Dale AstraZeneca Martin Hawkins Clifford Chance
George Waterman AstraZeneca Pharmaceuticals Ronald Chung CMG Information Technology Pte
Tom Bakker AVIVA Boris Hemkemeier Commerzbank
Foong Hoe Tan-Ho AVIVA Kai Buchholz- Commerzbank
Dominique Remy AXA Stepputtis
Trevor Cardwell AXA Howard Eakin ConocoPhillips
Sandy Monnappa AXA Peter van Boxtel Corus Group
Simon Krug AXA Stephen Fitzpatrick Credit Suisse First Boston
Paul Johnson AXA Rolston Wiltshire Credit Suisse First Boston
Kirsty Still B&Q Michael Papais DaimlerChrysler
Richard Nealon Bank of Ireland Group Hans Henrik Danske Bank Michael Hanna Bank of Ireland Group Nielsen
Jennifer Kane Bank of Ireland Group Kjell Hermansson Danske Bank Kevin Harrington Bank of Tokyo-Mitsubishi Tiaan van Deloitte & Touche Victor J. Talamo Bank One Corporation Schalkwyk
Angus Burden Barclays Bank Paul Carroll Department of Social, Community
Lee Li Hoon BASF South East Asia Pte & Family Affairs
Jennifer Khow BASF South East Asia Pte Ted Humphreys Department of Trade & Industry
Wilfried Kehr Bayer Ola Sannes Det Norske Veritas
Donald Michniuk Bechtel Corporation Simon Royal Dresdner Kleinwort Wasserstein Terrence Spencer BHP Billiton Tina Wade Dresdner Kleinwort Wasserstein
Miroslav Kis BMO Financial Group Paul De Graaff DTCC
Vivek Khindria BMO Financial Group Michael Robinette DTCC
Herbert Canfield Boeing Pat Everitt EDF Energy
Jody Wahlgren Boeing Thomas Cummings EDS Information Security Solutions
Ian Baulch-Jones Electrolux IT Solutions Jim Murphy Lucent Technologies Wendy Sale Electronic Data Systems Amanda Finch Marks & Spencer Dolly Kapadia Electronic Data Systems Bengt Arild National Insurance Paul de Luca Electronic Data Systems Unnerud Administration
Michael Harrison Electronic Data Sytems Steve Pomfret Nationwide Building Society Erol Mustafa Ernst & Young Anne-Lize de Beer New Africa Capital
Michel Soupart Euroclear Colin Campbell New Africa Capital
Guenther Kerker F Hoffmann La Roche Leonard Ong Nokia
Steve Smit First Rand Bank Jukka P Savolainen Nokia
James Cleland First Rand Bank Svein Nygard Norges Bank
Gerhard Cronje First Rand Bank Tom Remberg Norsk Hydro
Phil Cogger Ford Motor Company Anthony Mullany Norwich Union
Christof Müllender Ford of Europe David Ward Norwich Union
Loek Sleper Fortis Phillip Gregory Norwich Union
Lori Blair Fortis Manfred Schreck Novartis International
Stephen Gill Fujitsu Services Harmen Frobeen Novartis International
Iain Andrews Fujitsu Services Steen Ledet Nykredit
Steve Greenham GlaxoSmithKline Niels Rasmussen Nykredit Andrew Bebbington Goldman Sachs & Co Joy Buckingham O2 (UK)
Katie C Jenkins Guardent David Clarke O2 (UK)
Randy Kaeder Guardent Dave Cooper Orange
Paul Charles HarrierZeuros Louis Sherman Orange
Tom Stapleton HarrierZeuros Donna Staniforth Orange
Robert J Symmons Hawker de Havilland Vagn E Nielsen Post Danmark
Paul Dann HBOS Group Philip Godwin PowerGen UK
Tanya Preston HBOS Group Neil Wainman PowerGen UK
Alan Savage HBOS Group Roar Gulbrandsen PricewaterhouseCoopers
Lynn Yang Pheng HSBC Singapore Ciaran Kelly PricewaterhouseCoopers
Kuek Sally Boyce Prudential
Peter Berlich IBM Switzerland Pat Reed Prudential
David Spinks Information Security EMEA Tarik Tahesh Prudential Susan Swope Information Security Forum Stephen Donnelly Prudential
Marc Callaway InfoSecure Jean-Christophe Rabobank International
Geoffrey Tumber InfoSecure Gaillard
Melle Beverwijk InfoSecure Adrie Janssen Rabobank Nederland
Frans Gahrmann ING Bank Netherlands Steenberg
Nathan Thompson Innogy Yun Patricia Siow Reuters
Simon Marvell Insight Consulting Lup Kuen Wong Reuters
Pearly Cheng JP Morgan Chase Lip-Ping Chew Reuters
Johan Kempenaers KBC Bank and Insurance George Wang Reuters Holding Company Christopher Somers Reuters Ann Hill Kimberly-Clark Corporation Andrew MacGovern Reuters Chris Hoffman Kimberly-Clark Corporation Jonathan Keefe Reuters Mark Firgens Kimberly-Clark Corporation Ian Curry Reuters Gavin Rayner Kimberly-Clark Corporation Brendon Harris Reuters Jerold R Kobiske Kimberly-Clark Corporation Michael Payne Rolls Royce Erwin Bosma KLM Royal Dutch Airlines Carl Taylor Rolls Royce
Sipho Ndaba KPMG Jonathan Randall Rolls Royce
Jaap Halfweeg KPN Mindy Ziskin Royal Bank of Canada
June Gamber Legal and General Gary Marsh Royal Bank of Scotland Group
David Lanigan Lloyds TSB Jean-Serge Laurent S.W.I.F.T.
Niek Ijzinga LogicaCMG Pierre Coenen S.W.I.F.T.
Frans Kersten LogicaCMG Davor Vlahovic Sanlam
George McBride Lucent Technologies Johan Marnewick Sanlam
William Lim Lucent Technologies Karin Höne Sanlam
Stephen Fried Lucent Technologies Bee Ngah Tan SATS
Silva Kandiah SATS Dan Landess State Farm Mutual Automobile
Lars Eriksson SCA Insurance Company
Bodil Wiklund Scania Dan Sokulski State Farm Mutual Automobile
Kevin Kennedy Schlumberger Insurance Company
Klaus Pape Siemens Anza Botha State Information Technology
Conrad Tan Singapore Airlines Agency
Ching Ching Lim Singapore Airlines Kjell Andersson Stora Enso Patrick Bong Singapore Airlines Christian Thunberg Stora Enso
Siew Leng Leck Singapore Airlines Jan Skogqvist Svenska Handelsbanken Seow Hong Tay Singapore Airlines Jeremy Ward Symantec Security Services
Paul Nagel SKF Michael Volkert Syngenta International
Martina Ramhitshana South African Revenue Service Arne Normann Telenor Tony Apsey South African Revenue Service Tommy Brundin Tetra Pak
Gerhard Kruger South African Revenue Service Michael Robinette The Depository Trust & Clearing
Hettie Booysen South African Revenue Service Corporation
Pedro C Pretorius Spoornet Paul de Graaff The Depository Trust & Clearing
Joe Norman ST Microelectronics Corporation
Jean-Pierre ST Microelectronics Laserian M Kelly The Emirates Group
Margaillan Ventatakrishnan The Emirates Group
Gilbert Agopome ST Microelectronics Vatsaraman
Richard Aylard Standard Bank London Ruedi Siegenthaler UBS Nomazulu Taukobong Standard Bank of South Africa Paul Wood UBS Claudia Jollivet Standard Bank of South Africa Ged Edgcumbe UBS Jacqui Bothwell Standard Bank of South Africa Marco Van Putten Unilever Riana Crafford Standard Bank of South Africa Ed Schrijvers Unilever Emily Manganyi Standard Bank of South Africa Alan M Jones Unisys Pavana Ranjith Standard Bank of South Africa David Pinchbeck Unisys John Murdoch Standard Bank of South Africa Kamaljit Singh Unisys
Edwin Aldridge Standard Chartered Bank Bent Poulsen Værdipapircentralen Carsten Paasch Standard Chartered Bank Chris Weegar Verizon
Adam Spencer Standard Chartered Bank Viki Baxter Verizon
Joe Rohde State Farm Mutual Automobile Mark Steger Zurich Financial Services Insurance Company Giancarlo Zurich Financial Services Dan Hlavac State Farm Mutual Automobile Bombardieri
Insurance Company Joachim Droese Zurich Financial Services Alan Pacocha State Farm Mutual Automobile
Insurance Company
Project team Jason Creasey Nick Frost
Andrew Wilson
Information Security Forum Information Security Forum Information Security Forum Review and quality
assurance
Alan Stanley Information Security Forum
Production Louise Liu
Charl Porter
Information Security Forum Information Security Forum