The Standard of Good Practice for Information Security, published by the Information Security Forum (ISF), is a business-focused, practical and comprehensive guide to identifying and managing information security risks in organizations and their supply chains.

The recently published 2011 Standard is the most significant update of the standard for four years. It includes information security ‘hot topics’ such as consumer devices, critical infrastructure, cybercrime attacks, office equipment, spreadsheets and databases and cloud computing.

The 2011 Standard is aligned with the requirements for an Information Security Management System (ISMS) set out in ISO/IEC 27000-series standards, and provides wider and deeper coverage of ISO/IEC 27002 control topics, as well as cloud computing, information leakage, consumer devices and security governance.

In addition to providing a tool to enable ISO 27001 certification, the 2011 Standard provides full coverage of COBIT v4 topics, and offers substantial alignment with other relevant standards and legislation such as PCI DSS and the Sarbanes Oxley Act, to enable compliance with these standards too.

The Standard is used by Chief Information Security Officers (CISOs), information security managers, business managers, IT managers, internal and external auditors, IT service providers in organizations of all sizes.

The 2011 Standard is available free of charge to members of the ISF. Non-members are able to purchase a copy of the standard directly from the ISF

The Standard has historically been organized into six categories, or aspects. Computer Installations and Networks address the underlying IT infrastructure on which Critical Business Applications run. The End-User Environment covers the arrangements associated with protecting corporate and workstation applications at the endpoint in use by individuals. Systems Development deals with how new applications and systems are created, and Security Management addresses high-level direction and control.

The six aspects within the Standard are composed of a number of areas, each covering a specific topic. An area is broken down further into sections, each of which contains detailed specifications of information security best practice. Each statement has a unique reference. For example, SM41.2 indicates that a specification is in the Security Management aspect, area 4, section 1, and is listed as specification #2 within that section.

The Principles and Objectives part of the Standard provides a high-level version of the Standard, by bringing together just the principles (which provide an overview of what needs to be performed to meet the Standard) and objectives (which outline the reason why these actions are necessary) for each section.

The published Standard also includes an extensive topics matrix, index, introductory material, background information, suggestions for implementation, and other information.

Facebooktwittergoogle_plusredditpinterestlinkedinmailby feather
Facebooktwittergoogle_pluslinkedinrssyoutubeby feather

Written by

X-Class Corporation is known for building the finest IT Solution and Real Estate Investment. This recognition was earned through relentless research and development of high-performance Web Applications, Electronic Designs, Medical and real estate Investment and by continuously seeking innovative and low-cost design and manufacturing strategies. Additionally, our proactive cyber security approach enables the delivery of integrated solutions and resilient systems for seamless, electronic end-to-end protection. We provide reliable and trusted solutions for securing an organization’s information, systems and networks to ensure confidentiality, authenticity, integrity, and availability. Our vision is to set performance standards for our customers worldwide, every day with the best people, best systems, and best services. Effective leadership at X-Class Corporation isn’t only about getting results. It’s about getting results in the right way with the right people. Our leaders are expected to continually promote ethical behavior, support diversity and make decisions that protect the confidence, health and safety of our employees as well as the natural environment through a solid corporate culture that is second to none.

Comments are closed.