The latest edition of the Standard of Good Practice for Information Security 2018 (the Standard) provides a business-orientated focus on current and emerging information security topics. This includes enhanced coverage of the following hot topics: Agile system development, alignment of information risk with operational risk, collaboration platforms, Industrial Control Systems (ICS), information privacy and threat intelligence.

With its comprehensive coverage of information security controls and information risk-related guidance, it provides business leaders and their teams with an internationally recognised set of good practices. Implementing the Standard helps organisations to:

– be agile and exploit new opportunities, while ensuring that associated information risks are kept within acceptable levels

– respond to rapidly evolving threats, including sophisticated cyber-attacks, using threat intelligence to increase cyber resilience

– identify how regulatory and compliance requirements can best be met

The Standard, along with the ISF Benchmark, the ISF’s comprehensive security control assessment tool, provides complete coverage of the topics set out in ISO/IEC 27002:2013, NIST Cybersecurity Framework, CIS Top 20, PCI DSS and COBIT 5 for Information Security.

The Standard acts as a business enabler for individuals performing the following roles: CISOs, Information Security Managers, Risk Management Specialists, Business Managers, IT Managers and Technical Specialists, Internal and External Auditors, IT Service Providers, Procurement and Vendor Management teams.
