HOME

TheInfoList



Click Here for Items Related To - Information Security Forum
OR:
Information Security Forum on:   [Wikipedia]   [Google]   [Amazon]

The Information Security Forum (ISF) is an independent information security body.


Primary deliverables

The ISF delivers a range of content, activities, and tools. The ISF is a paid membership organisation: all its products and services are included in the membership fee. From time to time, the ISF makes research documents and other papers available to non-members.


''The Standard of Good Practice for Information Security''

The ISF released the updated ''Standard of Good Practice for Information Security'' in 2018. The Standard is available to ISF members and non-members, who can purchase copies of the report. The 2018 Standard represents an update on the 2016 release of the Standard, and builds upon the previous release to include the most up-to-date controls, approaches and thought leadership in information security. The standard is a business-focused, practical and comprehensive guide available for identifying and managing information security risks in organizations. The 2016 standard covers current information security 'hot topics' such as Threat Intelligence, Cyber Attack Protection and Industrial Control Systems, as well as, significant enhancement of existing topics including: Information Risk Assessment, Security Architecture and Enterprise Mobility Management. It can be used to build a comprehensive and effective information security management system. In addition to covering information security-related standards such as
COBIT COBIT (Control Objectives for Information and Related Technologies) is a framework created by ISACA for information technology (IT) management and IT governance. The framework is business focused and defines a set of generic processes for the m ...
5 for Information Security,
The CIS Critical Security Controls for Effective Cyber Defense The CIS Controls (formerly called the Center for Internet Security Critical Security Controls for Effective Cyber Defense) is a publication of best practice guidelines for computer security. The project was initiated early in 2008 in response t ...
, the 2016 standard covers
ISO/IEC 27002 ISO/IEC 27002 is an information security standard published by the International Organization for Standardization (ISO) and by the International Electrotechnical Commission (IEC), titled ''Information security, cybersecurity and privacy protect ...
as well as
PCI DSS The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard used to handle credit cards from major card scheme, card brands. The standard is administered by the Payment Card Industry Security Standards Council a ...
3.1 and the
NIST Cybersecurity Framework NIST Cybersecurity Framework is a set of guidelines for mitigating organizational cybersecurity risks, published by the US National Institute of Standards and Technology (NIST) based on existing standards, guidelines, and practices. The framewor ...
.


Research projects

Based on member input, the ISF selects a number of topics for research in a given year. The research includes interviewing member and non-member organizations and thought leaders, academic researchers, and other key individuals, as well as examining a range of approaches to the issue. The resulting reports typically go into depth describing the issue generally, outlining the key information security issues to be considered, and proposing a process to address the issue, based on best practices.


Methodologies and tools

For broad, fundamental areas, such as information risk assessment or return-on-investment calculations, the ISF develops comprehensive methodologies that formalize the approaches to these issues. Supporting the methodology, the ISF supplies web and spreadsheet-based tools to automate these functions.


The Benchmark

The ISF's Benchmark (formerly called the 'Information Security Status Survey') has a well-established pedigree – harnessing the collective input of hundreds of the world's leading organizations for over 25 years. Organizations can participate in the Benchmark service at any time and can use the web-based tool to assess their security performance across a range of different environments, compare their security strengths and weaknesses against other organizations, and measure their performance against the ISF's 2016 Standard of Good Practice, ISO/IEC 27002:2013, and COBIT version 5 for information security. The Benchmark provides a variety of data export functionality that can be used for analyzing and presenting data for management reporting and the creation of security improvement programs. It is updated on a biennial basis to align with the latest thinking in information security and provide the ISF Members with improved user experiences and added value.


Face-to-face networking

Regional chapter meetings and other activities provide for face-to-face networking among individuals from ISF member organisations. The ISF encourages direct member-to-member contact to address individual questions and to strengthen relationships. Chapter meetings and other activities are conducted around the world and address local issues and language/cultural dimensions.


Annual World Congress

The ISF's annual global conference, the 'World Congress', takes place in a different city each year. The 2017 conference will take place in October in
Cannes, France Cannes ( , , ; oc, Canas) is a city located on the French Riviera. It is a commune located in the Alpes-Maritimes department, and host city of the annual Cannes Film Festival, Midem, and Cannes Lions International Festival of Creativity. The ci ...
. The event offers an opportunity for attendees to discuss and find solutions to current security challenges, and gain practical advice from peers and leading industry experts from around the world. Over 1,000 global senior executives attend. The event includes a series of keynote presentations, workshops and networking sessions, best practice and thought leadership in a confidential peer-group environment.


Web portal (ISF Live)

The ISF's extranet portal, ISF Live, enables members to directly access all ISF materials, including member presentations, messaging forums, contact information, webcasts, online tools, and other data for member use.


Leadership

The members of the ISF, through the regional chapters, elect a Council to develop its work program and generally to represent member interests. The Council elects an 'Executive' group which is responsible for financial and strategic objectives.


See also

''See :Computer security for a list of all computing and information-security related articles''. * Standard of Good Practice * Information Systems Audit and Control Association *
International Organization for Standardization The International Organization for Standardization (ISO ) is an international standard development organization composed of representatives from the national standards organizations of member countries. Membership requirements are given in Art ...
*
SANS Institute The SANS Institute (officially the Escal Institute of Advanced Technologies) is a private U.S. for-profit company founded in 1989 that specializes in information security, cybersecurity training, and selling certificates. Topics available for t ...
*
Gartner Gartner, Inc is a technological research and consulting firm based in Stamford, Connecticut that conducts research on technology and shares this research both through private consulting as well as executive programs and conferences. Its client ...


References

{{reflist


External links


The Information Security Forum
Borough of Elmbridge Computer security organizations Cybercrime in the United Kingdom Information technology organisations based in the United Kingdom Non-profit organisations based in London Organisations based in Surrey Organizations established in 1989 Research organisations in the United Kingdom Science and technology in Surrey Security companies of the United Kingdom