LONDON ? The Information Security Forum has published updates to the Standard of Good Practice For Information Security, a major tool in improving the quality and efficiency of security controls applied by an organization.
The Standard is based on over 16 years and US $75 million of investment in practical research and draws on the knowledge and experiences of the Information Security Forum’s global members as well as building on other standards such as ISO 17799 and COBIT.
The areas that have been updated are those that have been the subject of additional research and investigation, or reflect good practices employed by ISF Members for key topics.
Significant ISF research initiatives since the last update of the Standard include:
Information Risk Management in Corporate Governance
Virus Protection in Practice
Securing Instant Messaging
Managing Privacy
Information Risk Analysis Methodologies
Patch Management
Managing the Information Risks from Outsourcing
Web Server Security
Disappearance of the Network Boundary
The Standard addresses information security from a business perspective. It provides a practical, business-focused and proven statement of good practice for information security, presenting organisations with a challenging, but achievable target against which they can measure their performance.
To download a free copy of the standard, click on ISFSecurityStandard.Com
