At a breakfast event in London this week, Steve Durbin, the forum's vice president and Adrian Davis, the forum's principal research analyst, explained the need to secure mobile devices.
Davis said that the problem for most firms is that, whilst the infrastructure to support these devices is there, not all businesses have adapted their security systems and policies.
In the US, he explained, unless the employee agrees explicitly to the feature being enabled, it is not allowed for their employer to remote wipe their portable device's data.
"This makes the task of controlling company data on the employee's personal portable device difficult", he said.
The problem of consumerisation - and the challenges that it poses IT security professionals in the workplace - is something that is not going to go away, he says.
"If anything, it's going to be an even bigger problem as time goes on," he said, adding that the ISF's research shows that 69% of i-workers say they can view non work-related websites, but only 44% of employers say this is the case.
And, he went on to say, 52% of workers say they can store personal data files on their computer devices, whilst only 37% of employers claim this is possible.
The problem here, says Davis, is that there is a difference in understanding of the problem between employees and employers.
The solution to these issues, he claims, is that governance has to be the first priority, since there is clearly going to be less direct control that IT departments have over their hardware, software and data in the future.
And against this backdrop, the ISF says there needs to be better user awareness of the security issue with using personal devices in the workplace - and the personal use of company systems.
Criminals, says Davis, are not stupid. Solutions such as building a company app store for employees to download vetted apps from is an option, as well as deploying monitoring software and implementing data classification procedures.
"You need to develop a mobile device management system. Data classification is a must. You cannot say this issue is going to go away", he said.
And, Davis advised, there may also be a requirement to conduct a rolling security development process, in order to adapt to the changing portable IT landscape in the office.
"Policies and governance also have a clear role to play in this," he said.