Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

9/17/2014
10:00 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Information Security Forum Releases Standard of Good Practice 2014

Annual Update Provides Guidance on the Implementation of the NIST Cybersecurity Framework

NEW YORK – September 16, 2014 ––  The Information Security Forum (ISF), a global, independent information security body considered the world's leading authority on cyber security and information risk management, has created a mapping between the US National Institute of Standards and Technology (NIST) Cybersecurity Framework and its annual Standard of Good Practice (The Standard) for IT security professionals. The Standard enables organizations to meet the control objectives set out in the NIST Cybersecurity Framework and extends well beyond the topics defined in the framework to include coverage of essential and emerging topics such as information security governance, supply chain management (SCM), data privacy, cloud security, information security audit and mobile device security.

“With the newly created mapping between the NIST Cybersecurity Framework and The Standard, ISF members can now determine which of their current controls satisfy the corresponding control objectives in the NIST Cybersecurity Framework, and thus demonstrate their alignment with it,” said Steve Durbin, Managing Director, ISF. “Using the NIST Cybersecurity Framework, together with The Standard and other information risk management tools, enables organizations of all sizes to effectively demonstrate to their stakeholders the progress they’ve made in building a robust cyber resilience approach.”

As cybersecurity increasingly becomes a national security issue, governments are taking a more active role in defining responses to cyber threats. In an initiative to respond to an executive order issued by President Barack Obama, NIST has released the first version of its Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity. The framework comprises five functions of cybersecurity activity, with a strong focus on incident response. These functions are further divided into categories, which correspond to various domains of information security; and subcategories, which express various outcomes or control objectives within these domains.

“Although the NIST Cybersecurity Framework is voluntary and intended for guidance rather than as a formal standard, one of its goals was to provide security practitioners with a common language for cybersecurity,” continued Durbin. “This common language makes use of familiar topics in information security and clearly-expressed control objectives within those topics.”

Updated annually to reflect the latest findings from the ISF’s research program, input from global member organizations, trends from the ISF Benchmark and major external developments including new legislation and other requirements, The Standard is used by many global organizations as their primary reference for information security. The Standard addresses the rapid pace at which threats and risks evolve and an organizations’ need to respond to escalating security threats from activities such as cybercrime, ‘hacktivism’, insiders and espionage. As a result, The Standard helps the ISF and its members maintain their position at the leading edge of good practice in information security.

Available at no cost to ISF member companies, The Standard can also be purchased by non-members. For more information on The Standard or any aspect of the ISF, please contact Steve Durbin at [email protected].

 

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
The Cold Truth about Cyber Insurance
Chris Kennedy, CISO & VP Customer Success, AttackIQ,  11/7/2019
6 Small-Business Password Managers
Curtis Franklin Jr., Senior Editor at Dark Reading,  11/8/2019
Black Hat Q&A: Hacking a '90s Sports Car
Black Hat Staff, ,  11/7/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprise
Assessing Cybersecurity Risk in Today's Enterprise
Security leaders are struggling to understand their organizations risk exposure. While many are confident in their security strategies and processes, theyre also more concerned than ever about getting breached. Download this report today and get insights on how today's enterprises assess and perceive the risks they face in 2019!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18881
PUBLISHED: 2019-11-12
WSO2 IS as Key Manager 5.7.0 allows unauthenticated reflected XSS in the dashboard user profile.
CVE-2019-18882
PUBLISHED: 2019-11-12
WSO2 IS as Key Manager 5.7.0 allows stored XSS in download-userinfo.jag because Content-Type is mishandled.
CVE-2019-18873
PUBLISHED: 2019-11-12
FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An attacker can use a user account to fully compromise the system via a GET request. When the admin visits user information under "User Manager" in the control panel, the pa...
CVE-2019-18874
PUBLISHED: 2019-11-12
psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object.
CVE-2019-18862
PUBLISHED: 2019-11-11
maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode.