The Information Security Forum (ISF) launched a Benchmark as a Service (BaaS) tool. This online initiative will assist users in identifying strengths and weaknesses and compare their security status against other leading organizations across a range of different environments and activities.

For the first time in the more than 20 years that the ISF has been offering benchmarking, the new ISF BaaS facility is available to any organization and is not restricted to member organizations, subject to specific fees and conditions.

After submission of single or batches of questionnaires, users will receive instant, real-time access to the Benchmarking reporting facility, including an online analysis module and individual reports for questionnaires completed.

“Our BaaS tool is unrivalled as it provides organizations with an in-depth assessment of their security arrangements. Benchmark results are available immediately – as soon as you submit your data you can receive results. This allows organizations to compare their performance against similar, anonymous organizations around the world, as well as against the ISF’s Standard of Good Practice for Information Security (The Standard), ISO/IEC 27002 and COBIT 5 for information security,” said Steve Durbin, global vice president, ISF.

“At a time when organisations are being asked to demonstrate their resilience to cyber threats by government, suppliers and customers alike, the ISF BaaS provides that objective analysis allowing you to measure both the effectiveness and value of your security investments,” Durbin added.

Organisations can select from the following categories of BaaS products:

• Quarterly Benchmark as a Service (£5,000/quarter) – Providing unlimited usage of the ISF Benchmark as a Service during a specified quarter.
• Annual Benchmark as a Service (£12,000/year) – Providing unlimited use of the ISF Benchmark as a Service access across the enterprise, throughout the year.