Aimed at major national and international organisations, the Standard provides a key resource for organisations committed to reducing the business risks associated with information systems. Drawing on the practical experiences of over 300 leading international organisations including many of the Fortune 100 companies, the Standard reflects the latest thinking on information security through workshops, face-to-face meetings and interviews, as well as the results of the ISF’s in-depth research and its comprehensive information security benchmarking tool – the Information Security Status Survey.
Building on previous versions released over the last 10 years, the 2007 version includes all the latest ‘hot topics’ in information security such as wireless access, endpoint security, identity management, security architecture, desktop applications, spreadsheets, portable storage devices and VoIP networks.
Complying with the Standard can help organisations conform with other information security-related standards such as ISO/IEC 27002 and COBIT v4.1, as well as addressing the information security aspects of increasing legal and regulatory requirements, such as the Sarbanes-Oxley Act, the Payment Card Industry Data Security Standard (PCI/DSS) and the EU Directive on Data Protection.
The ISF’s Standard of Good Practice is split into six key areas: security management, critical business applications, computer installations, networks, systems development and the end user environment. Within each section, the Standard provides key objectives and a clear overview of the practical measures and activities that need to be carried out to keep information risks under control.
The Standard of Good Practice represents just one part of the ISF’s $100 million investment to date in integrated research, reports, tools and advanced methodologies, such as the ISF’s Information Risk Analysis Methodology, that are available to ISF Members. In addition, ISF Members can take advantage of the ISF Information Security Status Survey, a powerful benchmarking tool that enables organisations to measure the effectiveness of their information security against the Standard and other leading companies.
Copies of the ISF Standard of Good Practice can be downloaded free here.