Standard of good practice for information security
Let’s now look at another standard for the development and management of information systems.
Information Security Forum (ISF) Standard of Good Practice (2016)
This standard has been implemented to help organisations:
- Identify how regulatory and compliance requirements can be met
- Respond to rapidly evolving threats, including sophisticated cyber security attacks, by using threat intelligence to increase cyber resilience
- Be agile and exploit new opportunities, while ensuring that associated information risks are managed to acceptable levels
Furthermore, this standard offers a framework that works as a complete guide for system security, as it discusses security issues related to topics incorporated in ISO/IEC 27002, COBIT 5 for Information Security, the NIST Cybersecurity Framework, the SANS Top 20 Critical Security Controls for Effective Cyber Defence and the Payment Card Industry Data Security Standard (PCI DSS).
This standard covers different aspects of information security, as it focuses on issues related to security strategy, incident management, business continuity, cyber resilience and crisis management.
Finally, the ISF (2016) states that the framework is capable of reducing the need to develop security awareness content from scratch. It covers topics that can be used to improve security awareness and achieve expected security behaviour among many different audiences across an organisation, including business users, technical staff, senior management, systems developers and IT service providers. More information on the standard and its application can be found on the Information Security Forum website.
Based on the information above and on the independent research that you choose to do for this task, discuss in a few sentences how this standard differentiates itself from the other ones that are included as part of its framework.
Finally, explain why its application is important for the security of real-world businesses and organisations.
Share and discuss your answers with your peers.
Information Security Forum (2016) [online] available from https://www.securityforum.org/ [1 May 2019]
© Coventry University. CC BY-NC 4.0