The Information Security Forum (ISF), a trusted resource for executives and board members on cybersecurity and risk management, announces that the organization has been working with the United States National Institute of Standards and Technology (NIST) as part of a pilot project to create Online Informative References (OLIRs) between information security standards and the NIST Cybersecurity Framework (CSF). As part of this pilot scheme, the ISF has produced an OLIR between the ISF’s Standard of Good Practice for Information Security 2018 (The Standard) and the NIST CSF Version 1.1.
From security practitioners to business leaders, in all industry sectors across the globe, the CSF has received growing attention as a tool for tackling cyber threats. The OLIR between The Standard and the CSF links 87 of the 131 Information Security topics found in The Standard to all 108 subcategories in the CSF. These links are designed for practitioners who currently utilize or are considering The Standard and would like to understand how the activities that they undertake can help them achieve the outcomes described by each subcategory. The remaining 44 topics in The Standard that are not linked to CSF subcategories cover areas of Information Security not directly found within the CSF, such as system development criteria or audit processes. Additional details on the coverage of the CSF Subcategories can be found in the OLIR document.
The Standard addresses the rapid pace at which threats and risks evolve and an organization’s need to respond to escalating security threats from activities such as cybercrime, ‘hacktivism’, insider threats and espionage. The Standard is used widely across ISF membership, which consists of many of the leading Fortune 500 and Forbes 2000 global companies. While The Standard has been designed with large organizations in mind, it is equally applicable to individual business units as well as small to medium-sized businesses (SMBs).
Updated on a biennial basis to reflect the latest findings from the ISF’s research program, input from global ISF member organizations, trends from the ISF Benchmark and major external developments including new legislation and other requirements, The Standard is business-friendly and used by many global organizations as their primary reference for information security. The Standard provides comprehensive controls and guidance on current and emerging information security topics, enabling organizations to respond to the rapid pace at which threats, technology and risks evolve.
The ISF will be launching the latest edition of The Standard in 2020. The most recent version addresses topics such as Agile development, Industrial Control Systems and the EU General Data Protection Regulation (GDPR). Available at no cost to ISF member companies, The Standard can also be purchased by non-members. For more information on The Standard or any aspect of the ISF, please visit the ISF website.