Information Security Forum
The Information Security Forum (ISF) is an independent, not-for-profit association of leading organizations from around the world. It is dedicated to investigating, clarifying and resolving key issues in information security, and to developing best practice methodologies, processes and solutions that meet the business needs of its members.

ISF members benefit from harnessing and sharing in-depth knowledge and practical experience drawn from within their organizations and developed through an extensive research and work program.

Founded in 1989 (originally as the European Security Forum), the ISF has steadily expanded its mission and membership. It now includes hundreds of members, including a large number of Fortune 500 companies, with groups of members organized into regional chapters. The ISF is headquartered in London, United Kingdom, and has staff based in several cities around the world.

In addition to conducting a comprehensive benchmarking program, the ISF runs regional chapter meetings, implementation training workshops, and a large annual conference (called the 'World Congress'), as well as developing and publishing research reports and tools which address a wide variety of subjects. Its research agenda is driven entirely by its member organizations, who govern all ISF activities.

Primary deliverables

The ISF delivers a range of content, activities, and tools, summarized below.

The ISF is a paid membership organization: all its products and services are included in the membership fee. From time to time, the ISF makes research documents and other papers available to non-members.

The Standard of Good Practice for Information Security

The ISF released its 2011 Standard of Good Practice for Information Security (the 2011 Standard) in June 2011. It is available to ISF members, and non-members can purchase copies. Updated for the first time in four years, the 2011 Standard is the most business-focussed, practical and comprehensive guide available for identifying and managing information security risks in organizations.

The 2011 Standard covers current information security 'hot topics' such as consumer devices, critical infrastructure, cybercrime attacks, office equipment, spreadsheets and databases, and cloud computing. It can be used to build a comprehensive and effective information security management system. In addition to covering information security-related standards such as COBIT, NIST SP 800-53 and PCI DSS, the 2011 Standard covers ISO/IEC 27001/2, as well as two new draft standards: ISO 27014 (security governance) and 27036 (external suppliers).

The 2011 Standard will be updated annually.

Research projects

Based on member input, the ISF selects a number of topics for research in a given year. The research includes interviewing member and non-member organizations and thought leaders, academic researchers, and other key individuals, as well as examining the range of approaches to the issue. The resulting reports typically go into depth describing the issue generally, outlining the key information security issues to be considered, and proposing a process to address the issue, based on best practices.

Methodologies and tools

For broad, fundamental areas, such as information risk assessment or return-on-investment calculations, the ISF develops comprehensive methodologies that formalize the approaches to these issues. Supporting the methodology, the ISF supplies Web-based and spreadsheet-based tools to automate these functions.

Benchmarking program

The ISF's Continuous Benchmarking tools (formerly called the 'Information Security Status Survey') have a well-established pedigree, harnessing the collective input of hundreds of the world's leading organizations for nearly 20 years. Organizations can participate in the Continuous Benchmarking service at any time and can use the tool to: assess their security performance across a range of different environments; compare their security status against other organisations; and measure their performance against the ISF's 2011 Standard of Good Practice, ISO/IEC 27002, and COBIT version 4.1.

Face-to-Face Networking

Regional chapter meetings and other activities provide for face-to-face networking among individuals from ISF member organizations. The ISF encourages direct member-to-member contact to address individual questions and to strengthen relationships. Chapter meetings and other activities are conducted around the world and address local issues and language/cultural dimensions.

Annual World Congress

The ISF's annual global conference, the 'World Congress', takes place in a different city each year. The 2011 conference will take place in September in Berlin, Germany. The typically three-day conference includes plenary sessions by leaders in information security, personal development, practical workshops conducted by member organizations, an exhibition and a substantial evening social program. The event focuses on information security practitioners; the participation of vendors is limited to an exhibition area and a few invited speakers. The conference is preceded by in-depth workshops.

Web portal (MX)

The ISF's extranet portal, 'Member Exchange' (MX), enables members to directly access all ISF materials, including member presentations, and also includes messaging forums, contact information, webcasts, on-line tools, and other data for member use.

Leadership

The members of the ISF, through the regional chapters, elect a Council to develop its work program and generally to represent member interests. The Council elects an 'Executive' group which is responsible for financial and strategic objectives.

See also

  • Standard of Good Practice
  • Information Systems Audit and Control Association (ISACA)
  • International Organization for Standardization (ISO)
  • SANS Institute
  • Gartner

The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.