Information Security Forum releases standard of good practice 2020

May 5, 2020
An all-in-one guide used by global organizations as a primary reference for Information Security Best Practices

NEW YORK – May 6, 2020 – The Information Security Forum (ISF) has published a major update to its Standard of Good Practice (The Standard) for IT security professionals, the industry’s most business-focused, all-in-one guide to information security assurance, presenting business-orientated information security topics with practical and trusted guidance. The Standard provides a ready-made framework that can help an organisation improve its resilience by preparing for, managing and responding to major incidents that may have a significant impact on business.

The Standard delivers comprehensive coverage of information security controls and information risk-related guidance, providing ISF Members with an internationally recognized set of good practice covering all aspects of security strategy, incident management, business continuity, cyber resilience and risk management. The latest edition of The Standard includes enhanced coverage of the following topics: security workforce, core cloud security controls, security operation centers, mobile application management, asset registers, security assurance, supply chain management and security event management. As part of the 2020 update, new control guidance has been included which indicates to practitioners whether the type of control is protective, responsive or detective (PDR). It also indicates which information attributes each control protects, and how well it protects the confidentiality, integrity and availability of information.

“Managing information risk is critical for organizations to deliver their strategies, initiatives and goals. Consequently, information risk management is relevant only if it enables the organization to achieve these objectives, ensuring it is well positioned to succeed and is resilient to unexpected events, such as those caused by sophisticated cyber attacks,” said Steve Durbin, Managing Director, ISF. “The Standard is used widely across the ISF membership which consists of many of today’s leading Fortune 500 and Forbes 2000 global companies. As information security activities contribute to the organization’s goals and support compliance with regulation, The Standard, as well as other ISF tools and services, should be applied in the context of the organization’s strategy. The latest edition enables organizations to improve their resilience against a wide-ranging array of threats and low probability, high-impact events that can threaten the success of the organization.”

The Standard addresses the rapid pace at which threats and risks evolve and an organization’s need to respond to escalating security threats from activities such as cybercrime, ‘hacktivism’, insider threats and espionage. Updated on a biennial basis to reflect the latest findings from the ISF’s research program, input from global ISF member organizations, trends from the ISF Benchmark and major external developments including new legislation and other requirements, The Standard is business-friendly and used by many global organizations as their primary reference for information security. Using The Standard in conjunction with the ISF Benchmark provides meaningful and objective analysis of the true level of security across an organization that can be reported to executive management and stakeholders.

The Standard provides comprehensive controls and guidance on current and emerging information security topics enabling organizations to respond to the rapid pace at which threats, technology and risks evolve. Implementing the latest update of The Standard helps organizations to:

  • Be agile and exploit new opportunities, while ensuring that associated information risks are managed within acceptable levels.
  • Respond to rapidly evolving threats, including sophisticated cyber security attacks, using threat intelligence to increase cyber resilience.
  • Identify how regulatory and compliance requirements can be best met.

“Effective implementation depends on strong information risk assessment, so that controls described in The Standard are applied in line with risk,” continued Durbin. “The best practices defined in The Standard will typically be incorporated into an organization’s information security policy, business processes, environments and applications, and should be of great interest and relevance to a range of individuals within the organization as well as external stakeholders.”

The Standard helps ISF members deliver up-to-date best practices that can be integrated with their business processes, information security policy, risk management and compliance arrangements. As a result, The Standard helps the ISF, and its members, maintain their position at the leading edge of best practices in information security. Available at no cost to ISF member companies, The Standard can also be purchased by non-members. For more information on The Standard or any aspect of the ISF, please visit the ISF website.

About the Information Security Forum

Founded in 1989, the Information Security Forum (ISF) is an independent, not-for-profit association of leading organizations from around the world. The organization is dedicated to investigating, clarifying and resolving key issues in cyber, information security and risk management and developing best practice methodologies, processes and solutions that meet the business needs of its Members.

ISF Members benefit from harnessing and sharing in-depth knowledge and practical experience drawn from within their organizations and developed through an extensive research and work program. The ISF provides a confidential forum and framework, which ensures that Members adopt leading-edge information security strategies and solutions. By working together, ISF Members avoid the major expenditure required to reach the same goals on their own. Consultancy services are available and provide ISF Members and Non-Members with the opportunity to purchase short-term, professional support activities to supplement the implementation of ISF products.

For more information on ISF membership, please visit https://www.securityforum.org/