CESG Assurance Model

The new CESG Assurance Model for the control of Information risk is scheduled for authorittive release in January, 2008. At present there is an excellent overview website at the following link that includes graphics and an article describing the proposed model. The model encompasses four main elements of information risk and control - intrinsic, extrinsic, operational and implementation. CESG Assurance Model