What is ISF IRAM2?
IRAM2 (Information Risk Assessment Methodology version 2) is a structured methodology for assessing information risk, developed by the Information Security Forum (ISF), a membership organisation for security and risk professionals.
IRAM2 is designed to help organisations identify, assess, and treat information risk using a consistent and scalable approach. It is a proprietary methodology available to ISF members.
The methodology uses a six-phase process, consisting of Scoping, Business Impact Assessment, Threat Profiling, Vulnerability Assessment, Risk Evaluation, and Risk Treatment.