Information Security Forum Launches Standard Of Good Practice

The Information Security Forum (ISF) has released its latest international industry benchmark, the Standard of Good Practice for Information Security. The Standard is designed to help any organisation – irrespective of market sector, size or structure – to keep the risks associated with information systems within acceptable limits.

The Standard has been developed using a rigorous methodology and is based on 14 years of specialist research, real experiences of over 250 global companies that make up the ISF Membership, input from other international standards bodies and the results of a comprehensive biannual ISF survey. It includes coverage of the latest hot topics in information security, such as intrusion detection, information privacy, e-mail, effective security awareness, broadband and wireless communications, PDAs and computer forensics.

“The Standard presents a challenging but achievable target against which organisations can measure and improve their performance,” says Alan Stanley, managing director of the ISF. “A well-managed business environment where risks are kept under control requires a well informed approach to information security and good practice applied to the planning, development, installation, running and maintenance of information systems.”

The ISF Standard of Good Practice is split into five key areas: security management, critical business applications, computer installations, networks and systems development. ISF Members can also take advantage of the ISF’s Information Security Status Survey, which allows organisations to measure the effectiveness of their information security against this standard and other leading companies.

The Information Security Forum (ISF) was founded in 1989 and is a not-for-profit international association of over 250 leading organisations which fund and co-operate in the development of practical, business driven solutions to information security and risk management problems. The ISF undertakes a leading-edge research programme, and has invested more than $50 million over the past thirteen years in providing best practice material for its members. For more information about the ISF and a list of members, visit

The Standard of Good Practice is available for free download from

Introduction to the ISF

The Information Security Forum, ISF, is recognised as the world’s leading Information Security organisation and independent industry authority. Through its members, the ISF brings together and harnesses the knowledge and experience of over 250 major international businesses and government agencies to meet the increasing demand for practical, business-driven solutions to information security and risk management problems.

The ISF’s extensive programme of regional workgroups, meetings, seminars and the annual World Congress event provides an unparalleled end-user forum to explore key security issues, exchange information and share experiences in an environment of trust and confidence. In addition, the ISF’s own private extranet provides a simple and secure means to view and download material and interact instantly with other members.

The ISF has invested more than US$50 million in providing authoritative, best practice research and guidance for its members. The results of this work represent the most comprehensive and integrated set of reports anywhere in the world on information security and risk management.

Current ISF projects focus on a wide range of issues from corporate governance, managing privacy and outsourcing to virus protection, web server security and Windows Server 2003 security planning and checklist. This in-depth research eliminates the need for ISF members to develop their own in-house solutions and delivers a rapid return on investment many hundreds of times over.

Another key activity of the ISF is its comprehensive bi-annual Information Security Status Survey that provides a unique benchmarking opportunity to members, whilst delivering an unmatched “real world” analysis and understanding of information risk and the causes and impact of security incidents. Born out of this work and other research input over 14 years, the ISF has just released its Standard of Good Practice for Information Security. This includes coverage of the latest hot topics such as intrusion detection, e-mail security, broadband and wireless communications, PDAs and computer forensics.

“With information security and corporate governance a top priority in boardrooms and government departments around the globe, the ISF has an increasingly important role to play,” says Alistair Bremner, Marketing Director at the Information Security Forum. “In a fragmented and confusing Information Security industry, our members recognise the value of sharing knowledge and look to the ISF to deliver expert practical advice and guidance to address their key concerns.”

The Information Security Forum is an independent, mutual organisation, established in 1989. It is owned and governed by its members and managed by a professional team. For more information about the ISF and a list of members, visit

