Information Security Forum: Difference between revisions

Information Security Forum
Industry	information security best practice research
Founded	London, United Kingdom (1989)
Website	SecurityForum.org

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Inline

Latest revision as of 22:17, 24 December 2023

The Information Security Forum (ISF) is an independent information security body.

Primary deliverables

The ISF delivers a range of content, activities, and tools. The ISF is a paid membership organisation: all its products and services are included in the membership fee. From time to time, the ISF makes research documents and other papers available to non-members.

The Standard of Good Practice for Information Security

The ISF released the updated Standard of Good Practice for Information Security in 2018. The Standard is available to ISF members and non-members, who can purchase copies of the report. The 2018 Standard represents an update on the 2016 release of the Standard, and builds upon the previous release to include the most up-to-date controls, approaches and thought leadership in information security.

The standard is a business-focused, practical and comprehensive guide available for identifying and managing information security risks in organizations.^[1]

The 2016 standard covers current information security 'hot topics' such as Threat Intelligence, Cyber Attack Protection and Industrial Control Systems, as well as, significant enhancement of existing topics including Information Risk Assessment, Security Architecture and Enterprise Mobility Management. It can be used to build a comprehensive and effective information security management system. In addition to covering information security-related standards such as COBIT 5 for Information Security, The CIS Critical Security Controls for Effective Cyber Defense, the 2016 standard covers ISO/IEC 27002 as well as PCI DSS 3.1 and the NIST Cybersecurity Framework.

Research projects

Based on member input, the ISF selects a number of topics for research in a given year. The research includes interviewing member and non-member organizations and thought leaders, academic researchers, and other key individuals, as well as examining a range of approaches to the issue. The resulting reports typically go into depth describing the issue generally, outlining the key information security issues to be considered, and proposing a process to address the issue, based on best practices.

Methodologies and tools

For broad, fundamental areas, such as information risk assessment or return-on-investment calculations, the ISF develops comprehensive methodologies that formalize the approaches to these issues. Supporting the methodology, the ISF supplies web and spreadsheet-based tools to automate these functions.

The Benchmark

The ISF's Benchmark (formerly called the 'Information Security Status Survey') has a well-established pedigree – harnessing the collective input of hundreds of the world's leading organizations for over 25 years. Organizations can participate in the Benchmark service at any time and can use the web-based tool to assess their security performance across a range of different environments, compare their security strengths and weaknesses against other organizations, and measure their performance against the ISF's 2016 Standard of Good Practice, ISO/IEC 27002:2013, and COBIT version 5 for information security. The Benchmark provides a variety of data export functionality that can be used for analyzing and presenting data for management reporting and the creation of security improvement programs. It is updated on a biennial basis to align with the latest thinking in information security and provide the ISF Members with improved user experiences and added value.^[2]

Face-to-face networking

Regional chapter meetings and other activities provide for face-to-face networking among individuals from ISF member organisations. The ISF encourages direct member-to-member contact to address individual questions and strengthen relationships. Chapter meetings and other activities are conducted around the world and address local issues and language/cultural dimensions.^{[citation needed]}

Annual World Congress

The ISF's annual global conference, the 'World Congress', takes place in a different city each year. The 2017 conference will take place in October in Cannes, France. The event offers an opportunity for attendees to discuss and find solutions to current security challenges, and gain practical advice from peers and leading industry experts from around the world. Over 1,000 global senior executives attend. The event includes a series of keynote presentations, workshops and networking sessions, best practices and thought leadership in a confidential peer-group environment.^[2]

Web portal (ISF Live)

The ISF's extranet portal, ISF Live, enables members to directly access all ISF materials, including member presentations, messaging forums, contact information, webcasts, online tools, and other data for member use.^[3]

Leadership

The members of the ISF, through the regional chapters, elect a Council to develop its work program and generally to represent member interests. The Council elects an 'Executive' group which is responsible for financial and strategic objectives.

References

^ "Information Security Forum : The Standard of Good Practice for Information Security". Archived from the original on 2014-10-18. Retrieved 2014-10-13.
^ ^a ^b "Information Security Forum : 25th ISF Annual World Congress". Archived from the original on 2014-10-18. Retrieved 2014-10-13.
^ "Information Security Forum : ISF Live: Collaborate, Contribute and Participate". Archived from the original on 2014-10-18. Retrieved 2014-10-13.

External links

The Information Security Forum

[1] "Information Security Forum : The Standard of Good Practice for Information Security". Archived from the original on 2014-10-18. Retrieved 2014-10-13.

[:0-2] "Information Security Forum : 25th ISF Annual World Congress". Archived from the original on 2014-10-18. Retrieved 2014-10-13.

[3] "Information Security Forum : ISF Live: Collaborate, Contribute and Participate". Archived from the original on 2014-10-18. Retrieved 2014-10-13.

[1]

[2]

[3]

@@ Line 1: / Line 1: @@
+{{Short description|Organization in the United Kingdom}}
-{{no footnotes|date=February 2014}}
+{{Multiple issues|
+{{notability|Companies|date=February 2018}}
+{{more footnotes|date=December 2016}}
+}}
 {{Infobox company
-| company_name = Information Security Forum
+| name = Information Security Forum
-| company_logo = [[Image:Simplelowrez.png]]
+| logo = Simplelowrez.png
 | foundation = [[London, United Kingdom]] (1989)
 | industry = [[information security]] [[best practice]] research
@@ Line 8: / Line 13: @@
 }}
-The '''Information Security Forum (ISF)''' is an independent, not-for-profit association of organizations from around the world. It is dedicated to investigating, clarifying and resolving key issues in [[information security]], and developing best practice methodologies, processes and solutions that meet the business needs of its members.
+The '''Information Security Forum''' ('''ISF''') is an independent information security body.
-Founded in 1989 (originally as the European Security Forum), the ISF has steadily expanded its mission and membership. It now includes hundreds of members{{cn|date=February 2014}} with groups of members organized into regional chapters. The ISF is headquartered in London, United Kingdom, and has staff based in several cities around the world.
-In addition to conducting a comprehensive benchmarking program{{cn|date=February 2014}}, the ISF runs regional chapter meetings, implementation training workshops, and a large annual conference (called the 'World Congress'), as well as developing and publishing research reports and tools which address a wide variety of subjects. Its research agenda is driven entirely by its member organizations, who govern all ISF activities.
 ==Primary deliverables==
-The ISF delivers a range of content, activities, and tools, summarized below.
+The ISF delivers a range of content, activities, and tools.
+The ISF is a paid membership organisation: all its products and services are included in the membership fee. From time to time, the ISF makes research documents and other papers available to non-members.
-The ISF is a paid membership organization: all its products and service are included in the membership fee. From time to time, the ISF makes research documents and other papers available to non-members.
 ===''The Standard of Good Practice for Information Security''===
-{{main|Standard of Good Practice}}
+{{main|Standard of Good Practice for Information Security}}
-The ISF released its 2012 ''Standard of Good Practice for Information Security'' in July 2012. It is available to ISF members and non-members can purchase copies. The 2012 Standard represents a partial update on the 2011 release of the Standard, and builds upon the previous release to include the most up-to-date controls, approaches and thought seadership in information security.
+The ISF released the updated ''Standard of Good Practice for Information Security'' in 2018. The Standard is available to ISF members and non-members, who can purchase copies of the report. The 2018 Standard represents an update on the 2016 release of the Standard, and builds upon the previous release to include the most up-to-date controls, approaches and thought leadership in information security.
-The standard is a business-focussed{{cn|date=February 2014}}, practical{{cn|date=February 2014}} and comprehensive{{cn|date=February 2014}} guide available for identifying and managing information security risks in organizations.
+The standard is a business-focused, practical and comprehensive guide available for identifying and managing information security risks in organizations.<ref>{{cite web |url=https://www.securityforum.org/tools/sogp/ |title=Information Security Forum : The Standard of Good Practice for Information Security |accessdate=2014-10-13 |url-status=dead |archiveurl=https://web.archive.org/web/20141018220906/https://www.securityforum.org/tools/sogp/ |archivedate=2014-10-18 }}</ref>
-The 2012 standard covers current information security 'hot topics' such as consumer devices, critical infrastructure, cybercrime attacks, office equipment, spreadsheets and databases and cloud computing. It can be used to build a comprehensive and effective information security management system. In addition to covering information security-related standards such as [[COBIT]], [[NIST]] SP 800-53 and [[PCI DSS]], the 2012 standard covers [[ISO/IEC 27001]]/[[ISO/IEC 27002|2]], as well as two new draft standards: [[ISO 27014]] (security governance) and [[ISO 27036]] (external suppliers).
+The 2016 standard covers current information security 'hot topics' such as Threat Intelligence, Cyber Attack Protection and Industrial Control Systems, as well as, significant enhancement of existing topics including Information Risk Assessment, Security Architecture and Enterprise Mobility Management. It can be used to build a comprehensive and effective information security management system. In addition to covering information security-related standards such as [[COBIT]] 5 for Information Security, [[The CIS Critical Security Controls for Effective Cyber Defense]], the 2016 standard covers [[ISO/IEC 27002]] as well as [[PCI DSS]] 3.1 and the [[NIST Cybersecurity Framework]].
-The standard will undergo a significant update in 2013 to align with changes and trends in information security, as well as to deliver greater value to the ISF's members.
 ===Research projects===
-Based on member input, the ISF selects a number of topics for research in a given year. The research includes interviewing member and non-member organizations and thought leaders, academic researchers, and other key individuals, as well as examining the range of approaches to the issue. The resulting reports typically go into depth describing the issue generally, outlining the key [[information security]] issues to be considered, and proposing a process to address the issue, based on best practices.
+Based on member input, the ISF selects a number of topics for research in a given year. The research includes interviewing member and non-member organizations and thought leaders, academic researchers, and other key individuals, as well as examining a range of approaches to the issue. The resulting reports typically go into depth describing the issue generally, outlining the key information security issues to be considered, and proposing a process to address the issue, based on best practices.
 ===Methodologies and tools===
-For broad, fundamental areas, such as information risk assessment or return-on-investment calculations, the ISF develops comprehensive methodologies that formalize the approaches to these issues. Supporting the methodology, the ISF supplies Web-based and spreadsheet-based tools to automate these functions.
+For broad, fundamental areas, such as information risk assessment or return-on-investment calculations, the ISF develops comprehensive methodologies that formalize the approaches to these issues. Supporting the methodology, the ISF supplies web and spreadsheet-based tools to automate these functions.
-===Benchmarking program===
+===The Benchmark===
-The ISF's Continuous Benchmarking tools (formerly called the 'Information Security Status Survey') have a well-established pedigree – harnessing the collective input of hundreds of the world's leading organizations for nearly 20 years. Organizations can participate in the Continuous Benchmarking service at any time and can use the tool to: assess their security performance across a range of different environments; compare their security status against other organisations; and measure their performance against the ISF's 2011 [[Standard of Good Practice]], ISO/IEC 27002, and COBIT version 4.1.
+The ISF's Benchmark (formerly called the 'Information Security Status Survey') has a well-established pedigree – harnessing the collective input of hundreds of the world's leading organizations for over 25 years. Organizations can participate in the Benchmark service at any time and can use the web-based tool to assess their security performance across a range of different environments, compare their security strengths and weaknesses against other organizations, and measure their performance against the ISF's 2016 Standard of Good Practice, ISO/IEC 27002:2013, and COBIT version 5 for information security.  The Benchmark provides a variety of data export functionality that can be used for analyzing and presenting data for management reporting and the creation of security improvement programs. It is updated on a biennial basis to align with the latest thinking in information security and provide the ISF Members with improved user experiences and added value.<ref name=":0" />
 ===Face-to-face networking===
-Regional chapter meetings and other activities provide for face-to-face networking among individuals from ISF member organizations. The ISF encourages direct member-to-member contact to address individual questions and to strengthen relationships. Chapter meetings and other activities are conducted around the world and address local issues and language/cultural dimensions.{{cn|date=February 2014}}
+Regional chapter meetings and other activities provide for face-to-face networking among individuals from ISF member organisations. The ISF encourages direct member-to-member contact to address individual questions and strengthen relationships. Chapter meetings and other activities are conducted around the world and address local issues and language/cultural dimensions.{{citation needed|date=February 2014}}
 ===Annual World Congress===
-The ISF's annual global conference, the 'World Congress', takes place in a different city each year. The 2014 conference will take place in November in [[Copenhagen, Denmark]]. The typically three-day conference includes plenary sessions by leaders in [[information security]], personal development, practical workshops conducted by member organizations, an exhibition and a substantial evening social program. The event focuses on information security practitioners; the participation of vendors is limited to an exhibition area and a few invited speakers. The conference is preceded by in-depth workshops.{{cn|date=February 2014}}
+The ISF's annual global conference, the 'World Congress', takes place in a different city each year. The 2017 conference will take place in October in [[Cannes, France]]. The event offers an opportunity for attendees to discuss and find solutions to current security challenges, and gain practical advice from peers and leading industry experts from around the world. Over 1,000 global senior executives attend. The event includes a series of keynote presentations, workshops and networking sessions, best practices and thought leadership in a confidential peer-group environment.<ref name=":0">{{cite web |url=https://www.securityforum.org/events/isf-annual-world-congress/ |title=Information Security Forum : 25th ISF Annual World Congress |accessdate=2014-10-13 |url-status=dead |archiveurl=https://web.archive.org/web/20141018222734/https://www.securityforum.org/events/isf-annual-world-congress/ |archivedate=2014-10-18 }}</ref>
-===Web portal (MX)===
+===Web portal (ISF Live)===
-The ISF's extranet portal, 'Member Exchange' (MX), enables members to directly access all ISF materials, including member presentations, and also includes messaging forums, contact information, webcasts, on-line tools, and other data for member use.{{cn|date=February 2014}}
+The ISF's extranet portal, ISF Live, enables members to directly access all ISF materials, including member presentations, messaging forums, contact information, webcasts, online tools, and other data for member use.<ref>{{cite web |url=https://www.securityforum.org/membership/isflive/ |title=Information Security Forum : ISF Live: Collaborate, Contribute and Participate |accessdate=2014-10-13 |url-status=dead |archiveurl=https://web.archive.org/web/20141018220958/https://www.securityforum.org/membership/isflive/ |archivedate=2014-10-18 }}</ref>
 ===Leadership===
@@ Line 52: / Line 50: @@
 ==See also==
 ''See [[:Category:Computer security]] for a list of all computing and information-security related articles''.
-*[[Standard of Good Practice]]
 *[[Information Systems Audit and Control Association]]
 *[[International Organization for Standardization]]
@@ Line 64: / Line 61: @@
 *[http://www.securityforum.org The Information Security Forum]
+[[Category:Borough of Elmbridge]]
 [[Category:Computer security organizations]]
+[[Category:Cybercrime in the United Kingdom]]
+[[Category:Information technology organisations based in the United Kingdom]]
 [[Category:Non-profit organisations based in London]]
+[[Category:Organisations based in Surrey]]
 [[Category:Organizations established in 1989]]
 [[Category:Research organisations in the United Kingdom]]
+[[Category:Science and technology in Surrey]]
 [[Category:Security companies of the United Kingdom]]