The Information Security Forum has 300 blue-chip companies worldwide as its members—including Nokia,
On being asked about having dedicated consultants who will research the Indian information security industry, Davis replies, "That probably won't happen in the near-term. However, a lot of intra-membership sharing is already taking place. What India is going through now Britain went through 10-15 years ago. There is rich experience available with our global members, and this can be tapped by Indian members using us as the catalyst."
In order to enable this goal, the Information Security Forum plans to organize regular regional meetings as well as awareness and training workshops for Indian members. "These workshops will partially be an information gathering exercise for us, so that we can understand the typical infosec issues of Indian enterprises, share them with our global members, and generate solutions using their experiences," says Davis.
The Information Security Forum provides two membership categories. According to Davis, full membership charges for the first year costs 27,000 pounds; this allows access to all the previous research—20 years' worth of work on information security—of the Information Security Forum. After the first year, the fee drops to 17,000 pounds a year; this gives all individual organizations access to several ISF resources such as workshops, tools and research papers. It also gives the organization the right to send two representatives to Information Security Forum's annual world congress. The second ISF membership category targets small and mid-sized organizations.
The Information Security Forum provides services in four different areas: research & reports, tools & methodologies, knowledge & information exchange, and the annual world congress. According to Davis, some of the ISF's tools and methodologies have become standard practices in the industry. For example, tools such as the Standard of Good Practice, Fundamental Information Risk Management, Security Healthcheck, Information Security Benchmark, and Information Risk Analysis Methodology, are extensively used by global banks as well as telecom, pharmaceutical and manufacturing companies.