Information Security Standards - ISF Standard of Good Practice for Information Security
(Page 4 of 4 )
The Information Security Forum was formed in 1989 to formally establish standards and best practices in the realm of information security. Its main publication, the freely available Standard of Good Practice, outlines a functional information security methodology based on both research and real world experience, and centered around the following six key aspects:
Computer installations
This aspect is targeted chiefly at IT specialists, and addresses the hardware and software that supports the critical business applications.
Critical business applications
These are the applications on which the organization's activities depend. The CBA aspect is primarily targeted at the CBA owners, the individuals in charge of business processes and systems integrators.
Security management
The security management aspect deals with management level decision making in relation to security implementations across the organization. It is targeted at security decision makers and auditors.
Networks
Networks are in a category of their own due to their unique security vulnerabilities. The network aspect addresses the nature and implementation of an organization's networking requirements. Its target is typically network managers, network service specialists and network service providers.
Systems development
This aspect deals with the identification, design and implementation of system requirements. Its primary target is system developers and the heads of system development departments.
End user environment
The end user environment is the point at which individuals use the organization's systems and applications to support business processes. This aspect therefore tends to target business managers and individuals who work within such end user environments.
The standard itself consists of a statement of principles and objectives, alongside extensive documentation covering implementation recommendations, background materials and a comprehensive matrix of topics. It is thoroughly reviewed and updated biannually in order to maintain currency and relevance in the fast changing world of information security. This gives subscribers to the standard a high degree of confidence that they are working with materials based on the most recent available perspectives on information security issues.
In addition to the Standard of Good Practice, the ISF directly promotes the implementation of best practices by involving itself in security research projects and in-depth reports and the development of methodologies and tools. It also oversees a biannual benchmarking program known as the Information Security Status Survey. The purpose of this is to examine the effectiveness of the security systems of the participating organizations and measure them against each other. The ISF also encourages collaboration between member organizations to improve communication and derive benefit from shared experiences. This approach is further strengthened by the ISF World Congress, to which all member organizations are invited to send delegates.
Sources:
http://iso27001security.com/html/iso27000.html
http://csrc.nist.gov/
https://www.securityforum.org/index.htm
| DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware. |
