1. ISF UK Chapter David Moloney, UK Chapter Agent Carole Embling, Senior Information Security Advisor, Prudential Marco Kapp, Founder of ISF Steve Thorne, Head of Quality, ISF Global Team David Moloney, UK Chapter Agent Carole Embling, Senior Information Security Advisor, Prudential Marco Kapp, Founder of ISF Steve Thorne, Head of Quality, ISF Global Team ISF Past

2. GENESIS OF THE ISF Marco Kapp, Director, Citicus Limited Information Security Forum2

3. What led to formation of the ISF? Information Security Forum3 Necessity: – C&L's business strategy being to beef up its IT consulting business Opportunity: – VP of Technology & Communications Services at major bank remarking "security is my biggest concern" – Security natural fit with audit – Rod Perry, C&L's head of Computer Audit, circulated an invitation to tender from European Commission for a study into network security 1986 Society is growing ever more dependent on IT... but IT is not dependable. C&L has the depth and breadth of skills and standing to make a big difference

4. C&L's 1986-88 European Security Study Information Security Forum4 18 Sponsors European Commission (DG XIII) 21 Case Study organisations 5 C&L Firms Led by C&L UK C&L Italy CL& France C&L Germany C&L Netherlands External panel Phase I: Develop case study methodology Phase II: Do 21 case studies Phase III: Consolidate case study results and identify key issues Phase IV: Research key issues and assess solutions Phase V: Report on findings Study process Confidential to ISF members

5. Results of the 1986-88 European Security Study Information Security Forum5 Key finding: The 'saw tooth effect' Report 1:Issues for management Report 2:Consolidated case study findings Report 3:Practical guidelines Report 4:Major issues and assessment of solutions Report 5:Summary and recommendations Control areas Status Case study 1 Control areas Status Case study 10 Control areas Status Case study 21 Means collaboration is worthwhile for all... resulting in pressure to be kept together Core team Results

6. Confidential to ISF members From European Security Study to European Security Forum (ESF) Information Security Forum6 In 1988-9, Alan Stanley and I put together a prospectus for a C&L initiative called The European Security Forum and with Rod Perry's help got commitments to participate from: 13 C&L firms across Europe 28 founder Members Founder members Our aim was to grow the ESF to 50 Members. In the event, membership grew to 68 by the end of its first year.

7. The European Security Forum's first year Information Security Forum7 Council Forum Director Core team Project teams Security status survey Business risk analysis Baseline controls Best practice State-of- the art review Commercial needs Future watch Annual congress The 1990 inaugural Congress was in Copenhagen... and was enjoyed by all! The ESF's launch prospectus Chaired by Rod Perry Directed by Marco Kapp Run by Alan Stanley Provided by participating C&L firms

8. So what did we achieve in our early years? Membership organisation established capable of collaborative, focussed international research on one of the world's most important topics A quality ethos built into everything that Forum does A quantitative foundation for projects through the security status survey Produced great reports Influenced regulation of information security through membership of 1991 OECD Expert group on computer security Privilege and pleasure of having worked with some of the most talented people and many of the finest companies in the world Information Security Forum8