The ISF’s Information Risk Assessment Methodology, or IRAM2, is part of the ISF Aligned Tools Suite.
IRAM2 is designed to provide a structured approach to identifying, assessing, and managing information risk. The results can be used by organisations to understand their risk landscape, prioritise risks based on potential impact, and guide on risk remediation with control implementation.
IRAM2 is a proprietary methodology that is accessible for members of the ISF.