'

Information Security Forum makes room for SMEs

The group, which provides security advice to financial institutions and other huge enterprises, has set up a membership level for small businesses

The Information Security Forum, a security trade group predominantly catering to large organisations, has set its sights on pulling in small businesses.

Companies with a turnover of less than £100m can now apply for SME-level membership of the Information Security Forum (ISF), the trade group said on Tuesday. The international non-profit organisation provides guidance on information security issues and best practices to its members, which in the UK include GlaxoSmithKline, Prudential, Barclays and British Airways.

"Opening up the ISF to SMEs is a good move," said Andrew Buss, service director for IT analyst firm Freeform Dynamics. "Companies of all sizes can benefit from third-party information and guidance on security."

The new SME membership provides access to more than 400 reports on information security, the web-based ISF Security Healthcheck tool and online discussion groups that allow companies to share their methodologies, according to the ISF. However, it is more restricted than full membership, as SME members do not have access to the group's full range of security tools or benchmarking services, and are not allowed to attend the ISF's annual world congress event. 

"SMEs that are most likely to sign up will be quite large themselves, given the membership of ISF today is 300 large enterprises," Buss added. "Membership fees are reasonable, in the context of employing specialists or having a breach, especially as new legislation looks to punish security breaches more harshly depending on the level of investment made in security."

A SME subscription to the ISF costs £10,000 in the first year and £7,500 for subsequent years. Members can also pay additional fees (£500 per attendee) to attend a limited selection of workshops. A full membership of the ISF is not restricted to large enterprises but costs £27,000 in the first year and £17,000 every subsequent year. 

The move to admit smaller enterprises is a response to market demand and a step to providing a level of support for information security that has traditionally been hard for SME owners to obtain, according to an ISF statement.

"With the continued erosion of network boundaries, concerns over mobile malware and the potential abuse of personal and mobile devices... the time has never been more appropriate to open membership to smaller and medium-sized enterprises," Steve Durbin, head of sales and marketing for the ISF, told ZDNet UK.