
Information Security Forum releases free best practices standard


The Information Security Forum (ISF), a nonprofit IT security group, today announced the availability of its updated Standard of Good Practice, a free benchmark that organizations can use to assess and reduce risks related to information systems.

The 2007 version of the standard offers an increased focus on the insider threat and VoIP concerns. It also addresses identity and access management (IAM), said Mark Chaplin, senior research consultant for ISF. IAM solutions are complex, and organizations are looking for help as the perimeter decentralizes and users seek connection through varying endpoints.

"You're going to be introducing gaps and vulnerabilities, unless you've got some comprehensive control to the variety of systems you have system-wide," he said.

The ISF, which provides research to some 300 blue-chip organizations, publicly released the downloadable standard, which is updated every two years to reflect the most current trends in IT security.

"This covers what we believe to be the waterfront of information security that organizations should be looking at," Chaplin said today.

Members can additionally use ISF's information risk methodology tool to gauge how well they measure up against the standard.

Companies also use the standard as a way to improve their compliance with other internal control frameworks, such as ISO 27002 and COBIT version 4.1. Chaplin said the Standard of Good Practice includes a cross-reference against every control point in ISO and COBIT.

The ISF standard will also put users in an excellent position to comply with regulations such as Sarbanes-Oxley and the Payment Card Industry Data Security Standard, Chaplin said.

"Information security practitioners are trying to find ways to demonstrate that the money and time they're investing [in these regulations] are being put to good use, and they need ways to measure that," he said.

To download the standard, visit here.
