Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operations

10/3/2018
02:25 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Information Security Forum Releases Standard of Good Practice 2018

All-in-One guide used by global organizations as primary reference for information security best practices

The Information Security Forum (ISF) has published a major update to its Standard of Good Practice (The Standard) for IT security professionals, the industry's most business-focused, all-in-one guide to information security assurance, presenting business-orientated information security topics with practical and trusted guidance.  The Standard delivers comprehensive coverage of information security controls and information risk-related guidance, providing ISF Members with an internationally recognized set of good practice covering all aspects of cyber resilience, information security and risk management. The latest edition of The Standard includes enhanced coverage of the following hot topics: Agile system development, alignment of information risk with operational risk, collaboration platforms, industrial control systems, information privacy and threat intelligence.

"Managing risk is vital for organizations to deliver their strategies, initiatives and goals. Consequently, information risk management is relevant only if it enables the organization to achieve these objectives, ensuring it is well positioned to succeed and is resilient to unexpected events, such as those caused by sophisticated cyber attacks," said Steve Durbin, Managing Director, ISF. "The Standard is used widely across the ISF membership which consists of many of the leading Fortune 500 and Forbes 2000 global companies. It provides extensive coverage of information security topics including those associated with security strategy, incident management, business continuity, resilience and crisis management. The latest edition enables organizations to improve their resilience against a wide-ranging array of threats and low probability, high-impact events that can threaten the success of the organization."

The Standard addresses the rapid pace at which threats and risks evolve and an organizations' need to respond to escalating security threats from activities such as cybercrime, 'hacktivism', insider threats and espionage. Updated on a biennial basis to reflect the latest findings from the ISF's research program, input from global ISF member organizations, trends from the ISF Benchmark and major external developments including new legislation and other requirements, The Standard is business-friendly and used by many global organizations as their primary reference for information security. The Standard provides comprehensive controls and guidance on current and emerging information security topics enabling organizations to respond to the rapid pace at which threats, technology and risks evolve.

Implementing the latest update of The Standard helps organizations to:

  • Be agile and exploit new opportunities, while ensuring that associated information risks are managed within acceptable levels
  • Respond to rapidly evolving threats, including sophisticated cyber security attacks, using threat intelligence to increase cyber resilience
  • Identify how regulatory and compliance requirements can be best met.

"Effective implementation depends on strong information risk assessment, so that controls described in The Standard are applied in line with risk," continued Durbin. "The best practices defined in The Standard will typically be incorporated into an organization's information security policy, business processes, environments and applications, and should be of great interest and relevance to a range of individuals within the organization as well as external stakeholders."

The Standard helps ISF members deliver up-to-date, best practices that can be integrated with their business processes, information security policy, risk management and compliance arrangements. As a result, The Standard helps the ISF, and its members, maintain their position at the leading edge of best practices in information security. Available at no cost to ISF member companies, The Standard can also be purchased by non-members. For more information on The Standard or any aspect of the ISF, please visit the ISF website, https://www.securityforum.org/.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Florida Town Pays $600K to Ransomware Operators
Curtis Franklin Jr., Senior Editor at Dark Reading,  6/20/2019
Pledges to Not Pay Ransomware Hit Reality
Robert Lemos, Contributing Writer,  6/21/2019
AWS CISO Talks Risk Reduction, Development, Recruitment
Kelly Sheridan, Staff Editor, Dark Reading,  6/25/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-1619
PUBLISHED: 2019-06-27
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability is due to improper session ...
CVE-2019-1620
PUBLISHED: 2019-06-27
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to upload arbitrary files on an affected device. The vulnerability is due to incorrect permission settings in affected DCNM software. An attacker could ex...
CVE-2019-1621
PUBLISHED: 2019-06-27
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to gain access to sensitive files on an affected device. The vulnerability is due to incorrect permissions settings on affected DCNM software. An attacker...
CVE-2019-1622
PUBLISHED: 2019-06-27
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. The vulnerability is due to improper access controls for certain URLs on affected DCNM software...
CVE-2019-10133
PUBLISHED: 2019-06-26
A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. The form to upload cohorts contained a redirect field, which was not restricted to internal URLs.