ISF UK Chapter

1. ISF UK Chapter ISF Past David Moloney, UK Chapter Agent Carole Embling, Senior Information Security Advisor, Prudential Marco Kapp, Founder of ISF Steve Thorne, Head of Quality, ISF Global Team

2. Genesis of the ISFMarco Kapp, Director, Citicus Limited Information Security Forum

3. What led to formation of the ISF? • Necessity: • C&L's business strategy being to beef up its IT consulting business • Opportunity: • VP of Technology & Communications Services at major bank remarking "security is my biggest concern" • Security natural fit with audit • Rod Perry, C&L's head of Computer Audit, circulated an invitation to tender from European Commission for a study into network security 1986 Society is growing ever more dependent on IT ... but IT is not dependable. C&L has the depth and breadth of skills and standing to make a big difference Information Security Forum

4. C&L's 1986-88 European Security Study 21 Case Study organisations Study process 18 SponsorsEuropean Commission (DG XIII) Confidential to ISF members Phase I: Develop case study methodology Confidential to ISF members Phase II: Do 21 case studies Phase III: Consolidate case study results and identify key issues 5 C&L Firms Led by C&L UKC&L Italy CL& France C&L Germany C&L Netherlands Phase IV: Research key issues and assess solutions External panel Phase V: Report on findings Information Security Forum

5. Results of the 1986-88 European Security Study Report 1: Issues for management Report 2: Consolidated case study findings Report 3: Practical guidelines Report 4: Major issues and assessment of solutions Report 5: Summary and recommendations Means collaboration is worthwhile for all ... resulting in pressure to be kept together Key finding: The 'saw tooth effect' Status Status Status Results Control areas Control areas Control areas Case study 1 Case study 10 Case study 21 Core team Information Security Forum

6. From European Security Study to European Security Forum (ESF) Confidential to ISF members Founder members • In 1988-9, Alan Stanley and I put together a prospectus for a C&L initiative called The European Security Forum and with Rod Perry's help got commitments to participate from: • 13 C&L firms across Europe • 28 founder Members Our aim was to grow the ESF to 50 Members. In the event, membership grew to 68 by the end of its first year. Information Security Forum

7. The European Security Forum's first year Council Chaired by Rod Perry Forum Director Directed by Marco Kapp Core team Run by Alan Stanley Project teams Provided by participating C&L firms Security status survey Business risk analysis Baseline controls Best practice State-of-the art review Commercial needs Future watch Annual congress The 1990 inaugural Congress was in Copenhagen ... and was enjoyed by all! The ESF's launch prospectus Information Security Forum

8. So what did we achieve in our early years? • Membership organisation established capable of collaborative, focussed international research on one of the world's most important topics • A quality ethos built into everything that Forum does • A quantitative foundation for projects through the security status survey • Produced great reports • Influenced regulation of information security through membership of 1991 OECD Expert group on computer security • Privilege and pleasure of having worked with some of the most talented people and many of the finest companies in the world Information Security Forum