The Information Security Forum (ISF), a nonprofit IT security group, today announced the availability of its updated Standard of Good Practice, a free benchmark that organizations can use to assess and reduce risks related to information systems.
The 2007 version of the standard offers an increased focus on the insider threat and VoIP concerns. It also addresses identity and access management (IAM), Mark Chaplin, senior research consultant for ISF, told SCMagazineUS.com. IAM solutions are complex, and organizations are looking for help as the perimeter decentralizes and users seek to connect through a variety of endpoints.
"You're going to be introducing gaps and vulnerabilities, unless you've got some comprehensive control to the variety of systems you have system-wide," he said.
The ISF, which provides research to some 300 blue-chip organizations, publicly released the downloadable standard, which is updated every two years to reflect the most current trends in IT security.
"This covers what we believe to be the waterfront of information security that organizations should be looking at," Chaplin told SCMagazineUS.com today.
Members can additionally use ISF's information risk methodology tool to assess how well they measure up against the standard.
Companies also use the standard as a way to improve their compliance with other internal control frameworks, such as ISO 27002 and COBIT version 4.1. Chaplin said the Standard of Good Practice includes a cross-reference against every control point in ISO and COBIT.
"Information security practitioners are trying to find ways to demonstrate that the money and time they're investing [in these regulations] are being put to good use, and they need ways to measure that," he said.