The Information Security Forum (ISF) is an independent information security body.
Activities and publications
The ISF delivers a range of content, activities, and tools. It is a paid membership organisation: all its products and services are included in the membership fee. From time to time, the ISF makes research documents and other papers available to non-members.
Standard of Good Practice
The ISF released the updated ''Standard of Good Practice for Information Security'' in 2018. The 2018 version builds upon the 2016 release and includes updated controls, approaches, and developments in information security.
The standard is intended to help organisations manage information security risks.
The 2016 standard covers current information security topics such as threat intelligence, cyber attack protection, and industrial control systems, as well as significant enhancement of existing topics including Information Risk Assessment, Security Architecture and Enterprise Mobility Management. It can be used to build a framework for developing an information security management system. The 2016 standard also covers information security-related standards such as COBIT 5 for Information Security, the CIS Critical Security Controls for Effective Cyber Defense, ISO/IEC 27002, PCI DSS 3.1 and the NIST Cybersecurity Framework.
In 2014, ''Infosecurity Magazine'' reported that the ISF had mapped its Standard of Good Practice to the NIST Cybersecurity Framework, providing a reference point for organizations seeking to align with NIST control objectives. According to the article, the ISF standard also addresses additional topics such as information security governance, supply chain management, data privacy, and mobile device security, and is updated annually based on member feedback, benchmarking, and developments in global legislation and standards.
A 2013 report commissioned by the UK Department for Business, Innovation and Skills identified the ISF’s Standard of Good Practice for Information Security as a widely used cyber security standard. According to the report, it “covers the complete spectrum of information security arrangements that need to be made to keep the business risks associated with information systems within acceptable limits, and presents good practice in practical, clear statements”.
In a 2006 report, Carnegie Mellon University's Software Engineering Institute described the ISF as an international association of over 280 organizations that cooperate on practical research in information security. The report noted that the ISF's Standard of Good Practice for Information Security is a guideline organized into six aspects: security management, critical business applications, computer installations, networks, systems development, and end user environment. Each aspect includes multiple areas and detailed practices.
Research projects
Based on member input, the ISF selects a number of topics for research in a given year. The research includes interviewing member and non-member organizations and thought leaders, academic researchers, and other key individuals, as well as examining a range of approaches to the issue. The resulting reports typically go into depth describing the issue generally, outlining the key information security issues to be considered, and proposing a process to address the issue, based on best practices.
In 2020, ''Security Magazine'' reported that the ISF had released a paper titled ''Deploying Open Source Software: Challenges and Rewards'', aimed at helping security professionals understand the benefits and perceived challenges of using open source software (OSS). The article described OSS as "a core part of IT infrastructure and applications" and noted that the ISF's guidance helps organizations "set up a program of protective measures to effectively manage OSS." The publication also highlighted that the rise of agile and DevOps methodologies has driven increased OSS adoption.
Benchmarking program
The ISF's Benchmark (formerly called the 'Information Security Status Survey') has been developed using input from member organisations over a 25-year period. Organizations can participate in the Benchmark service at any time and can use the web-based tool to assess their security performance across a range of different environments, compare their security strengths and weaknesses against other organizations, and measure their performance against the ISF's 2016 Standard of Good Practice, ISO/IEC 27002:2013, and COBIT version 5 for information security. The Benchmark provides a variety of data export functionality that can be used for analyzing and presenting data for management reporting and the creation of security improvement programs. It is updated on a biennial basis to align with the latest thinking in information security and to reflect changes in the information security landscape.
Events
The ISF's annual global conference, the 'World Congress', takes place in a different city each year. The 2017 conference took place in October in Cannes, France. The event features sessions on information security topics and organisational practices and includes presentations and discussions with information security professionals from various sectors. Over 1,000 global senior executives attend. The event includes keynote presentations, workshops, networking sessions, and sessions on best practices and thought leadership.
Online portal
The ISF's extranet portal, ISF Live, enables members to directly access all ISF materials, including member presentations, messaging forums, contact information, webcasts, online tools, and other data for member use.
See also
''See :Computer security for a list of all computing and information-security related articles''.
* Information Systems Audit and Control Association
* International Organization for Standardization
* SANS Institute
* Gartner
External links
The Information Security Forum