The Standard of Good Practice for Information Security 2016 (the Standard) provides comprehensive controls and guidance on current and emerging information security topics, enabling organisations to respond to the rapid pace at which threats, technology and risks evolve.

Implementing the Standard helps organisations to:

– Identify how regulatory and compliance requirements can be met

– Respond to rapidly evolving threats, including sophisticated cyber security attacks, by using threat intelligence to increase cyber resilience

– Be agile and exploit new opportunities, while ensuring that associated information risks are managed to acceptable levels.

The latest edition of the Standard introduces topics such as Threat Intelligence, Cyber Attack Protection and Industrial Control Systems, and significantly enhances existing topics including Information Risk Assessment, Security Architecture and Enterprise Mobility Management.

The Standard, along with the ISF Benchmark (a comprehensive security control assessment tool), provides complete coverage of the topics set out in ISO/IEC 27002:2013, COBIT 5 for Information Security, NIST Cybersecurity Framework, CIS Top 20 Critical Security Controls for Effective Cyber Defense and Payment Card Industry Data Security Standard (PCI DSS) version 3.1.
