Information Security forum launches new standard of good practice 2007

The Information Security Forum (ISF) today publicly launched the 2007 version of its international Standard of Good Practice for Information Security, which can be downloaded free of charge.

Aimed at major national and international organisations, the Standard provides a key resource for organisations committed to reducing the business risks associated with information systems.

Drawing on the practical experiences of over 300 leading international organisations including many of the Fortune 100 companies, the Standard reflects the latest thinking on information security through workshops, face-to-face meetings and interviews, as well as the results of the ISF's in-depth research and its comprehensive information security benchmarking tool - the Information Security Status Survey.

Building on previous versions released over the last 10 years, the 2007 version includes all the latest 'hot topics' in information security such as wireless access, endpoint security, identity management, security architecture, desktop applications, spreadsheets, portable storage devices and Voice over IP networks (VoIPs).

Complying with the Standard can help organisations conform with other information security-related standards such as ISO/IEC 27002 and COBIT v4.1, as well as addressing the information security aspects of increasing legal and regulatory requirements, such as Sarbanes-Oxley Act, Payment Card Industry Data Security Standard (PCI/DSS) and the EU Directive on Data Protection.

"All organisations face an increasing challenge to manage information security risk and meet growing legislative and corporate governance requirements," said Kim Aarenstrup, Chairman of the ISF and Group Head of Information Security at the A.P. Moller - Maersk Group.

"By making the Standard of Good Practice freely available, our aim is to raise awareness of information security and improve policies, standards and procedures; and to help organisations undertake risk analysis, develop best practice controls and measure their effectiveness."

The ISF's Standard of Good Practice is split into six key areas: security management, critical business applications, computer installations, networks, systems development and the end user environment. Within each section, the Standard provides key objectives and a clear overview of the practical measures and activities that need to be carried out to keep information risks under control.

The Standard of Good Practice represents just one part of the ISF's $100million investment to date in integrated research, reports, tools and advanced methodologies such as the ISF's Information Risk Analysis Methodology (IRAM) that are available to ISF Members.

In addition, ISF Members can take advantage of the ISF Information Security Status Survey; a powerful benchmarking tool that enables organisations to measure the effectiveness of their information security against the Standard and other leading companies.

Copies of the ISF Standard of Good Practice can be downloaded free from

The Information Security Forum was founded in 1989 and is a not-for-profit international association of over 300 leading international organisations, which fund and co-operate in the development of practical, business driven solutions to information security and risk management problems.

The ISF undertakes a leading-edge research programme and has invested more than US$100 million to create a library of over 200 authoritative reports along with information risk methodologies and tools that are available free of charge to ISF Members.