Unternehmensberatung UG (haftungsbeschränkt)
Date: 07.02.2012
The Information Security Forum (ISF) is the world's leading independent authority on information security. By harnessing the ISF's world-renowned expertise and the collective knowledge and experience of our members - including 50% of Fortune 100 companies - the ISF delivers practical guidance and solutions to overcome wide-ranging security challenges impacting business information today.

The ISF is an international not-for-profit organisation driven by its Members. Over 300 leading companies and public sector organisations fund and cooperate in the development of practical research about information security. With more than US$75 million already invested in authoritative best-practice material, along with powerful business-driven methodologies and tools, the ISF offers independent solutions for IT security.

Below we reproduce the information given on the ISF website about the ISF Standard of Good Practice:

The Standard of Good Practice for Information Security (the Standard) is the foremost authority on information security. It addresses information security from a business perspective, providing a practical basis for assessing an organisation’s information security arrangements. The Standard represents part of the ISF's information risk management suite of products and is based on a wealth of material, in-depth research, and the extensive knowledge and practical experience of ISF Members worldwide.
The Standard is updated at least every two years in order to:
• respond to the needs of leading international organisations
• refine areas of best practice for information security
• reflect the most up-to-date thinking in information security
• remain aligned with other information security-related standards, such as ISO 27002 (17799), COBIT v4.1 and PCI/DSS
• include information on the latest ‘hot topics’.

Features of the Standard
The Standard contains a broad range of features (as shown below), covering the entire spectrum of arrangements that need to be made to keep the business risks associated with information systems within acceptable limits. As a result, it is a major tool for improving the quality and efficiency of information security controls applied by an organisation.

Basis for the Standard
Since the first release of the Standard in 1996, it has been developed and enhanced every two years, using a proven methodology, to produce the international standard for information security.

Target audience
The Standard is aimed at major national and international organisations that recognise information security as a key business issue. However, the Standard will also be of real, practical use to any type of organisation, such as a small- to medium-sized enterprise.
Good practice detailed in the Standard will typically be incorporated into an organisation’s information security arrangements by a range of key individuals or third parties, including:
• information security managers or equivalent, responsible for promoting or implementing information security
• business managers responsible for running critical business applications and managing end user environments
• IT managers responsible for planning, developing, installing, running or maintaining key information systems or facilities
• IT audit managers responsible for conducting security audits of particular environments
• outsource providers responsible for managing IT facilities (eg computer installations and networks) on behalf of the organisation.

Why use the Standard?
Organisations today continue to face many, and often increasing, challenges when managing information risks across the enterprise. As a result, organisations look at ways to help address those challenges when making information security arrangements.
Challenges that many organisations typically face when implementing information security include:
• an ever-increasing reliance on IT-based information systems, which are becoming more complex and integrated
• a significant increase in the number and scale of threats to applications, computers and networks, which are in turn often based on rapidly changing technology
• continual discovery of vulnerabilities in existing and new technology, which if exploited can have significant business implications
• organisations’ requirements for improved effectiveness and productivity of systems and staff, while reducing costs
• increased focus on the need to comply with increasing legal and regulatory requirements (such as the Sarbanes-Oxley Act, Basel II and Privacy or Data Protection legislation)
• the growing drive to meet major information security-related standards, such as ISO/IEC 27002 (17799) and COBIT
• a general lack of key skills, expertise and other resources in many important areas of the organisation.

To meet the challenges associated with implementing information security, organisations require a clear understanding of what constitutes good practice in information security.
The Standard consists of a comprehensive set of information security-specific controls, reflecting the findings from a wide range of ISF projects, such as Information Risk Analysis, Security Architecture, Securing Business Applications, Monitoring Compliance, Information Classification and Information Security Strategy.
Included in the Standard are topics that are extremely important to many organisations, including:
• Controls aimed at complying with legal and regulatory requirements, such as the Sarbanes-Oxley Act 2002, the Payment Card Industry (PCI) Data Security Standard, Basel II 1998, and the EU Directive on Data Protection
• Coverage of all the main security controls in other major information security-related standards, such as ISO/IEC 27002 (17799) and COBIT
• ‘hot topics’ in information security, such as Threat Horizon, Digital Rights Management, Eurosox and Virtualisation (eg reflecting the output from ISF Briefings and ‘Future Watch’ projects).

Consequently, the Standard of Good Practice is used by many organisations as the basis for their internal information security standards and guidelines, and as a key resource to assist them in meeting their compliance obligations.
Source: Information Security Forum Limited
