Leading international companies – including 50% of the Fortune 100 – have contributed to a Best Practice Guide on Information Security

Against a backdrop of blue chips facing increasing risks and pressures from corporate governance legislation, the Information Security Forum (ISF) has released the latest version of its international industry benchmark for end users – the Standard of Good Practice for Information Security.

The ISF claims that this is “the only detailed and comprehensive global standard that allows organisations to manage the full range of threats and improve levels of information security”.

The ISF Standard pays particular attention to current ‘hot’ topics such as secure instant messaging, web server security, patch management and virus protection, as well as important (and changing) areas of information security including information risk management, outsourcing, privacy and the disappearance of the network boundary.

The guide draws on the knowledge and experience of the ISF's 270 global members – including 50% of the Fortune 100 companies – while building on other standards such as ISO 17799 and COBIT.

“Companies and organisations of all types and sizes face a daunting task to manage the breadth and depth of information risk, and to meet the growing demands from corporate governance initiatives,” said Frank Marsh, group information security manager at British American Tobacco, in an interview with SMT.

Marsh, a member of the ISF executive, added: “The ISF provides clients with a powerful framework to implement international Best Practice, comply with legal and regulatory requirements such as Sarbanes-Oxley and reduce the likelihood of disruption from major incidents.”

The ISF Standard is split into five key areas: security management, critical business applications, computer installations, networks and systems development.