ISF Releases New Standards
Latest international standard helps companies to implement good practice in information security and mitigate information risks
October 16, 2007
REDWOOD CITY, Calif. -- The Information Security Forum (ISF) today publicly launched the 2007 version of its international Standard of Good Practice for Information Security, which can be downloaded free of charge from www.isfstandard.com.
Aimed at major national and international organizations, the Standard provides a key resource for organisations committed to reducing the business risks associated with information systems. Drawing on the practical experiences of over 300 leading international organisations including many of the Fortune 100 companies, the Standard reflects the latest thinking on information security through workshops, face-to-face meetings and interviews, as well as the results of the ISF’s in-depth research and its comprehensive information security benchmarking tool – the Information Security Status Survey. Building on previous versions released over the last 10 years, the 2007 version includes all the latest ‘hot topics’ in information security such as wireless access, endpoint security, identity management, security architecture, desktop applications, spreadsheets, portable storage devices and Voice over IP networks (VoIPs).
Complying with the Standard can help organizations conform with other information security-related standards such as ISO/IEC 27002 and COBIT v4.1, as well as address the information security aspects of increasing legal and regulatory requirements, such as the Sarbanes-Oxley Act, the Payment Card Industry Data Security Standard (PCI/DSS) and the EU Directive on Data Protection.
“All organizations face an increasing challenge to manage information security risk and meet growing legislative and corporate governance requirements,” said Kim Aarenstrup, Chairman of the ISF and Group Head of Information Security at the A.P. Moller - Maersk Group. “By making the Standard of Good Practice freely available, our aim is to raise awareness of information security and improve policies, standards and procedures; and to help organisations undertake risk analysis, develop best practice controls and measure their effectiveness.”