Free Newsletter
Register for our Free Newsletters
Zones
Access Control
Alarms
Biometrics
Detection
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
Surveillance
View All
Other Carouselweb publications
 
 
 
 
 
 
 
 
News

Information Security Standard of Good Practice

Information Security Forum : 30 September, 2011  (Company News)
The 2011 Standard of Good Practice released by the Information Security Forum provides clear guidance to businesses on IT security
Information Security Standard of Good Practice
The Information Security Forum (ISF) has announced a major update to its Standard of Good Practice, the industry’s most business-focused, all-in-one guide to information security assurance.

The 2011 Standard encompasses every aspect of information security across four main categories: security governance, security requirements, control framework and monitoring and improvement. Among the 118 separate topics covered, there are frequent illustrations of how the 2011 Standard can be applied in practice.

The 2011 Standard is designed to help organisations meet the requirements of any of the world’s recognised information security standards, including ISO, COBIT, NIST, PCI/DSS and ITIL. The 2011 Standard complements these with a wealth of content drawn from ISF projects and input from ISF Members. Unlike other industry standards, it covers new current information security topics such as cloud computing, social networking, data storage, digital rights management and virtualisation, and provides greater depth and guidance for existing topics such information leakage protection, external supplier management process, access control mechanisms,business continuity strategy and security audit management.

Michael de Crespigny, CEO of the ISF commented: “The 2011 Standard sits at the heart of our membership offering and is maintained through our research programme. Many organisations use it as a core part of their business cycle for managing information risk, for example as the basis for their organisation-wide information security policy to support important compliance activities, and to benchmark their practices against peers.

"One of the biggest improvements in the 2011 Standard is the new modular structure – based around intuitive, business-oriented information security topics. This makes it easier for users to customise, automate and cross-reference the standard and other relevant materials,” added de Crespigny.

RSA, The Security Division of EMC, now has the ability to integrate the ISF 2011 Standard into its RSA Archer eGRC (enterprise governance, risk and compliance) Suite under a new agreement - the first GRC product licensed to integrate ISF content. With the ISF Standard of Good Practice for Information Security (the 2011 Standard) within the RSA Archer eGRC Content Library, licensed customers can better centralize and automate their governance program and establish the foundation for risk monitoring and compliance measurement activities.

“We are very pleased to team up with ISF to provide our customers with the Standard of Good Practice guidelines through the RSA Archer
GRC content library,” said David Walter, Senior Director Product Marketing, RSA, The Security Division of EMC. “By embedding this influential, best-practice guideline into the flexible RSA Archer eGRC Suite, our customers can utilize this leading guidance within their information security program, automate compliance processes and improve risk management.”

Seven ways to assure information security

There are seven key ways in which the 2011 Standard is designed to enhance an organisation’s information security assurance:

1) Compliance – provides a way to gain certification against ISO27001 and compliance with other relevant standards.

2) Supplier validation– addresses the need for strong information security in external supplier relationships.

3) Risk assessment– helps identify key risks and their potential business impact, without the expense of purchasing a repository of potential controls.

4) Consistency – improved and consistent standards and policies across the organisation.

5) Awareness – includes specific content aimed at improving security awareness across the organisation, and provides an aid to security awareness in its entirety.

6) Information security assessment– provides a basis for information security evaluation.

7) Improvement – a way to develop or improve specific security controls in the organisation.

The Standard of Good Practice is available free of charge to Members of the ISF.
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com