With organisations facing increasing risks and pressures from corporate governance legislation, the Information Security Forum (ISF) has announced the latest version of its international industry benchmark, the Standard of Good Practice for Information Security. The updated 2005 version is freely available and is the only detailed and comprehensive global standard that allows organisations to manage the full range of threats and improve levels of information security.
The ISF 2005 Standard of Good Practice pays particular attention to current hot issues such as secure instant messaging, web server security, patch management and virus protection, as well as important and changing areas of information security, including information risk management, outsourcing, privacy and the disappearance of the network boundary.
Compiled by some of the world’s leading independent experts in information security, the Standard is based on over 16 years and $75 million of investment in practical research. The Standard draws on the knowledge and experiences of the ISF’s 270 global members – including 50% of the Fortune 100 – as well as building on other standards such as ISO 17799 and COBIT.
“Companies and organisations of all types and sizes face a daunting task to manage the breadth and depth of information risk and meet the growing demands from corporate governance initiatives,” said Frank Marsh, Group Information Security Manager at British American Tobacco plc and a member of the ISF Executive.
“The ISF Standard provides a powerful framework to implement international best practice, comply with legal and regulatory requirements such as Sarbanes-Oxley and reduce the likelihood of disruption from major incidents.”
The ISF Standard of Good Practice is split into five key areas: security management, critical business applications, computer installations, networks and systems development. It is available free of charge from www.securityforum.org and provides a set of high-level principles and objectives for information security together with practical steps to implement good practice.
In addition, ISF Members can take advantage of the ISF’s Information Security Status Survey. This is a practical tool that enables organisations to measure the effectiveness of their information security against the Standard and against other leading companies.
“The ISF is an international organisation and by making the Standard of Good Practice available at no charge, we want to offer it as a real-world, practical benchmark for information security which helps drive the adoption of best practice,” said Steve Thorne, who heads up the management team at the ISF.
The Information Security Forum was founded in 1989 and is a not-for-profit international association of over 270 leading organisations which fund and co-operate in the development of practical, business-driven solutions to information security and risk management problems. The ISF undertakes a leading-edge research programme and has invested more than US$75 million to create a library of over 150 authoritative reports that are available free of charge to ISF Members. To find out more about becoming a member of the ISF please visit the website or contact Becky Meyjes on +44 (0)20 7212 5346.