The ISF’s Standard of Good Practice for Information Security (the Standard) is the most comprehensive information security standard available. It provides complete coverage of the topics set out in ISO/IEC 27002:2013, COBIT 5 for Information Security NIST Cybersecurity framework, CIS Top 20 Critical Security Controls for Effective Cyber Defense and Payment Card Industry Data Security Standard (PCI:DSS) version 3.1. It is used by many of the worlds leading organisations as their primary reference to manage information risk.

Our consultancy services will help you implement the Standard to:

  • Apply a robust framework for information security that provides consistent risk-based protection across the organisation and in your supply chain
  • Meet your regulatory and compliance requirements
  • Be agile and exploit new business opportunities – whilst ensuring that associated information risks are managed to acceptable levels
  • Respond to rapidly evolving threats
  • Update internal security policies.

Case Study:

Following an external audit, a large multinational organisation was required to update and modernise its internal security policies. An ISF Consultant helped the company to use the Standard as the basis for an updated set of policies, procedures and guidelines that met the requirements of the auditors and regulatory bodies.

Executive Summary

Security Governance, Policies, Compliance, Standards and Control Framework

Please fill out the form below to download a complimentary Executive Summary.

Please provide your details to download this document:

Please check this box to confirm that you have read and agree with our Privacy Policy and Terms Of Use

By downloading this document you agree to being contacted by the ISF.

Please enter the email address you previously registered with to access the download: