This content is taken from the Coventry University & Institute of Coding's online course, Cyber Security in the Software Development Life Cycle. Join the course to learn more.

Standard of good practice for information security

Let’s now look at another standard for the development and management of information systems.

Information Security Forum (ISF) Standard of Good Practice (2016)

This has been implemented to help organisations:

  • Identify how regulatory and compliance requirements can be met
  • Respond to rapidly evolving threats, including sophisticated cyber security attacks, by using threat intelligence to increase cyber resilience
  • Be agile and exploit new opportunities, while ensuring that associated information risks are managed to acceptable levels

Furthermore, this standard offers a framework that works as a complete guide for system security, as it discusses security issues related to topics covered by ISO/IEC 27002, COBIT 5 for Information Security, the NIST Cybersecurity Framework, the SANS Top 20 Critical Security Controls for Effective Cyber Defence and the Payment Card Industry Data Security Standard (PCI DSS).

This standard covers different aspects of information security, focusing on issues related to security strategy, incident management, business continuity, cyber resilience and crisis management.

Finally, the ISF (2016) states that the framework reduces the need to develop security awareness content from scratch. It covers topics that can be used to improve security awareness and achieve the expected security behaviour among many different audiences across an organisation, including business users, technical staff, senior management, systems developers and IT service providers. More information on the standard and its application can be found on the Information Security Forum website.

Your task

Based on the information above and on the independent research you choose to do for this task, discuss in a few sentences how this standard differentiates itself from the other standards that are incorporated into its framework.

Finally, explain why its application is important for the security of real-world businesses and organisations.

Share and discuss your answers with your peers.


Information Security Forum (2016) [online]. Available from https://www.securityforum.org/ [accessed 1 May 2019]
