Information Security Forum Releases Standard of Good Practice 2020
By: Information Security Forum
The Standard delivers comprehensive coverage of information security controls and information risk-related guidance, providing ISF Members with an internationally recognized set of good practice covering all aspects of security strategy, incident management, business continuity, cyber resilience and risk management. The latest edition of The Standard includes enhanced coverage of the following topics: security workforce, core cloud security controls, security operation centers, mobile application management, asset registers, security assurance, supply chain management and security event management. As part of the 2020 update, new control guidance has been included which indicates to practitioners whether the type of control is protective, responsive or detective (PDR). The guidance also indicates which information attributes each control protects, including how well it protects the confidentiality, integrity and availability of information.
"Managing information risk is critical for organizations to deliver their strategies, initiatives and goals. Consequently, information risk management is relevant only if it enables the organization to achieve these objectives, ensuring it is well positioned to succeed and is resilient to unexpected events, such as those caused by sophisticated cyber attacks," said Steve Durbin, Managing Director, ISF. "The Standard is used widely across the ISF membership which consists of many of today's leading Fortune 500 and Forbes 2000 global companies. As information security activities contribute to the organization's goals and support compliance with regulation, The Standard, as well as other ISF tools and services, should be applied in the context of the organization's strategy. The latest edition enables organizations to improve their resilience against a wide-ranging array of threats and low probability, high-impact events that can threaten the success of the organization."
Implementing the latest update of The Standard helps organizations to:
• Be agile and exploit new opportunities, while ensuring that associated information risks are managed within acceptable levels
• Respond to rapidly evolving threats, including sophisticated cyber security attacks, using threat intelligence to increase cyber resilience
• Identify how regulatory and compliance requirements can be best met.
Available at no cost to ISF member companies, The Standard can also be purchased by non-members. For more information on The Standard or any aspect of the ISF, please visit the ISF website (http://www.securityforum.org/