Scottish Information Assurance Forum

The Scottish Information Assurance Forum (SIAF) is committed to improving Information Security across businesses within Scotland. The forum consists of members from both Public and Private Sector organisations, who are dedicated to improving awareness and developing best practice to ensure and encourage information exchange.

The Terms of Reference for the SIAF are as follows:

1. Address security issues that are:

Shared –
a. due to common threat sources (e.g. crime, hackers, users);
b. via common resources (e.g. premises, networks, utilities, suppliers);
c. same customer base (e.g. NHS, Social Services, Police, Councils “share” the public often on matters of joint interest).
d. Common business processes.

Created by different policies or practices that could be more aligned -
e. Such as handling of cross-organisation disparity of information classification, handling and protection;
f. Awareness training and education about policy or security topics;
g. Contractual requirements for security from suppliers (e.g. for vetting, DPA, audit to ISO27000 series);
h. When staff from different organisations work from home or on another organisation’s premises/data (e.g. disciplinary jurisdiction, ethics, Internet access and usage policies).

Anticipatable and/or avoidable risks –
i. Such as Critical Infrastructure interdependencies;
j. Identified weaknesses liable to be exploited;
k. Intelligence-based alerts (e.g. shared but not actioned equally well).

2. Raise awareness of, and opportunity for cooperation on, security issues on a medium-term time-frame.

3. Interface to security industry suppliers to improve the efficiency of product design, development and training.
 

For more information email contactus@siaf.co.uk

