Citicus signs deal with Information Security Forum to help companies drive down Information Risk

UK company Citicus Limited has signed a unique agreement with the influential Information Security Forum (ISF) to deliver web-based automation for implementing the ISF's ground-breaking FIRM (Fundamental Information Risk Management) methodology. The deal gives Citicus worldwide, exclusive rights to develop the automation and commits Citicus and the ISF to actively promote the end-product: Citicus ONE.

Recognised as a world-class methodology for managing the risks posed by business application systems, computer installations, communications networks and other IT resources, FIRM was developed in conjunction with the ISF by a team led by a founder of Citicus.

Based on ten years of statistical research among ISF members – who include some 250 of the world’s largest companies – FIRM provides decision-makers with a graphical view of information risk, including quantitative risk league tables, and offers a practical process for reducing information risk to an acceptable level across enterprises of all sizes.

Citicus is developing the automation needed to implement FIRM successfully using flexible, web-based technology. The result - Citicus ONE - will be launched world-wide in early 2002. Ongoing development and enhancement of Citicus ONE and the FIRM methodology will continue through close collaboration between Citicus and the ISF.

"This agreement is a major step forward - both for Citicus and for companies concerned about information risk - at a time when attention is being focussed on good corporate governance, and increasing threats from hackers, sophisticated viruses and terrorists," says Simon Oxley, Managing Director of Citicus. "Leading enterprises recognise the urgent demand for fast and effective solutions and we are working closely with our 15 launch partners - who include some of the world’s largest multinational corporations - to help them implement FIRM using Citicus ONE."

According to ISF research, an average business-critical information resource will suffer an incident that may compromise the confidentiality, integrity or availability of information every working day (260 incidents per year). And in the course of a year there is a 60% chance that one of these events will be a major incident that will significantly affect the business.

"From our research it is clear that few organisations have a sound method of managing the growth in information risk, which is accelerating with the dependence on IT systems and growth in e-business initiatives," says Alan Stanley, Managing Director of the ISF. "Through the development of FIRM and this new agreement with Citicus, our members gain early access to a systematic, automated approach for identifying and remedying the factors that make information risk so high."

Motorola is a Citicus launch partner helping to steer the development of Citicus ONE. Lawrie Lee, head of Information Protection for Motorola Europe, Middle East and Africa, has already used the prototype version of the software, and plans to roll it out worldwide. "No company, whatever its size, can be complacent about information risk. Our pilot implementation of the prototype FIRM automation enabled us to quickly and accurately focus attention on driving down information risk and we believe the full Citicus ONE system will help us maximise the effectiveness of our expenditure on security controls."

About Citicus (

Citicus was formed by Marco Kapp - the chief architect of the FIRM methodology - and Simon Oxley and Sian Alcock, who both contributed to its development.

The company was established to develop and market world-class automated risk management tools that emerge from Citicus' collaborative development programmes and to provide supporting education, training and consultancy.

About the ISF (

The Information Security Forum is an independent, not-for-profit association of leading organisations dedicated to clarifying and resolving key issues in information security, and developing security solutions that meet the key business needs of its members.

With over 250 of the world's leading organisations as members, the ISF is well placed to mount its extensive work programme that provides members with the opportunity to come together to develop best practice and share a wealth of experience and expertise.

FIRM itself emerged from the ISF's 1999 / 2000 work programme and has been widely acclaimed by ISF members since its publication last year.

For more information, contact:

Peter Rennison or Alison Andrews, PRPR Ltd
Tel: + 44 (0)1442 245 030

Simon Oxley, Marco Kapp or Sian Alcock, Citicus Ltd
Tel: +44 (0)20 7203 8405

Alan Stanley, Information Security Forum
Tel: +44 (0)20 7213 1745

Back to News


Share this post