Information Security Forum Releases Standard of Good Practice 2014

NEW YORK - Sept. 16, 2014 - PRLog -- The Information Security Forum (http://www.securityforum.org) (ISF), a global, independent information security body considered the world's leading authority on cyber security and information risk management, has created a mapping between the US National Institute of Standards and Technology (NIST) Cybersecurity Framework and its annual Standard of Good Practice (The Standard) for IT security professionals. The Standard enables organizations to meet the control objectives set out in the NIST Cybersecurity Framework and extends well beyond the topics defined in the framework to include coverage of essential and emerging topics such as information security governance, supply chain management (SCM), data privacy, cloud security, information security audit and mobile device security.

“With the newly created mapping between the NIST Cybersecurity Framework and The Standard, ISF members can now determine which of their current controls satisfy the corresponding control objectives in the NIST Cybersecurity Framework, and thus demonstrate their alignment with it,” said Steve Durbin, Managing Director, ISF. “Using the NIST Cybersecurity Framework, together with The Standard and other information risk management tools, enables organizations of all sizes to effectively demonstrate to their stakeholders the progress they’ve made in building a robust cyber resilience approach.”

As cybersecurity increasingly becomes a national security issue, governments are taking a more active role in defining responses to cyber threats. In an initiative to respond to an executive order issued by President Barack Obama, NIST has released the first version of its Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity. The framework comprises five functions of cybersecurity activity, with a strong focus on incident response. These functions are further divided into categories, which correspond to various domains of information security; and subcategories, which express various outcomes or control objectives within these domains.

“Although the NIST Cybersecurity Framework is voluntary and intended for guidance rather than as a formal standard, one of its goals was to provide security practitioners with a common language for cybersecurity,” continued Durbin. “This common language makes use of familiar topics in information security and clearly-expressed control objectives within those topics.”

Updated annually to reflect the latest findings from the ISF’s research program, input from global member organizations, trends from the ISF Benchmark and major external developments including new legislation and other requirements, The Standard is used by many global organizations as their primary reference for information security. The Standard addresses the rapid pace at which threats and risks evolve and an organizations’ need to respond to escalating security threats from activities such as cybercrime, ‘hacktivism’, insiders and espionage. As a result, The Standard helps the ISF and its members maintain their position at the leading edge of good practice in information security.

Available at no cost to ISF member companies, The Standard can also be purchased by non-members. For more information on The Standard or any aspect of the ISF, please contact Steve Durbin at steve.durbin@securityforum.org.

About the Information Security Forum

Founded in 1989, the Information Security Forum (ISF) is an independent, not-for-profit association of leading organizations from around the world. It is dedicated to investigating, clarifying and resolving key issues in cyber, information security and risk management and developing best practice methodologies, processes and solutions that meet the business needs of its Members.

ISF Members benefit from harnessing and sharing in-depth knowledge and practical experience drawn from within their organizations and developed through an extensive research and work program. The ISF provides a confidential forum and framework, which ensures that Members adopt leading-edge information security strategies and solutions. And by working together, Members avoid the major expenditure required to reach the same goals on their own.

Further information about ISF research and membership is available from www.securityforum.org