The Information Systems Security Assessment Framework (ISSAF) seeks to integrate the following management tools and internal control checklists:

-Evaluate the organizations information security policies & processes to report on their compliance with IT industry standards, and applicable laws and regulatory requirements
-Identify and assess the business dependencies on infrastructure services provided by IT
-Conduct vulnerability assessments & penetration tests to highlight system vulnerabilities that could result in potential risks to information assets
-Specify evaluation models by security domains to :
-Find mis-configurations and rectify them
-Identifying risks related to technologies and addressing them
-Identifying risks within people or business processes and addressing them
-Strengthening existing processes and technologies
-Provide best practices and procedures to support business continuity initiatives

Benefits of ISSAF

-The ISSAF is intended to comprehensively report on the implementation of existing controls to support IEC/ISO 27001:2005(BS7799), Sarbanes Oxley SOX404, CoBIT, SAS70 and COSO, thus adding value to the operational aspects of IT related business transformation programmes.
-Its primary value will derive from the fact that it provides a tested resource for security practitioners thus freeing them up from commensurate investment in commercial resources or extensive internal research to address their information security needs.
-It is designed from the ground up to evolve into a comprehensive body of knowledge for organizations seeking independence and neutrality in their security assessment efforts.

This is not but posters of information security awareness use it impress your boss, colleague , clients etc ..

Download Information Systems Security Assessment here.

 

download:http://www.oissg.org/custom/information-security-awareness-poster-3.html