- Information Security Forum
The Information Security Forum (ISF) is an international, independent, not-for-profit organization dedicated to benchmarking and best practices in
information security . It was established in1989 as the European Security Forum but expanded its mission and membership in the 1990s, so that it now includes hundreds of members, including a large number of Fortune 500 companies, from North America, Asia, and other locations around the world. Groups of members are organized as "chapters" throughout Europe, Africa, Asia, the Middle East, and North America. The ISF is headquartered in London, England, but also has staff based in New York City.The membership of the ISF is international and includes large organizations in transportation, financial services, chemical/pharmaceutical, manufacturing, government, retail, media, telecommunications, energy, transportation, professional services, and other sectors.
In addition to the benchmarking program, the ISF runs regional chapter meetings, topical workshops, a large annual conference (called the "World Congress"), and develops and publishes research reports and tools addressing a wide variety of subjects. Its research agenda is driven entirely by its member organizations, who govern all ISF activities.
Primary deliverables
The ISF delivers and range of content, activities, and tools, which are summarized below.
The ISF is a paid membership organization, although the
Standard of Good Practice is available for free. From time to time, the ISF makes other research documents available for free. In the past, the ISF has given away a comprensive checklist on Windows server security and a report entitled "The Disappearance of the Network Boundary". Other products and service are included in the membership fee.The Standard of Good Practice
Every two years, the ISF revises and publishes the
Standard of Good Practice , a detailed documentation of best practices ininformation security , based on research and a comprehensive benchmarking program that has captured security behavior and detailed incident data for many years.Research projects
Based on member input, the ISF selects a number of topics for research in a given year. The research includes interviewing member and non-member organizations and thought leaders, academic researchers, and other key individuals, as well as examining the range of approaches to the issue. The resulting reports typically go into depth describing the issue generally, outlining the key
information security issues to be considered, and proposing a process to address the issue, based on best practices.Methodologies and tools
For broad, fundamental areas, such as information risk assessment, or return-on-investment calculations, the ISF will develop comprehensive methodoligies that formalize the approaches to these issues. Supporting the methodology, the ISF supplies Web-based and spreadsheet-based tools to automate these functions.
Benchmarking program
Formerly called the "Information Security Status Survey," the ISF conducts a biannual benchmarking exercise that comprehensively examines the information-security practices of participants in all the areas addressed by the
Standard of Good Practice (although participants need not adhere to the Standard in order to participate in the benchmarking). The results include detailed information on how responses compare (anonymously) to other participants. The results system allows for detailed analysis, factoring in market sector, subject scope, organizational measures (such as number of employees or revenue), and other elements.Networking
Regional chapter meetings and other activities provide for face-to-face networking among peers in differing organizations. The ISF encourages direct member-to-member contact to address individual member questions and to strengthen relationships. Chapter meetings and other activities are conducted around the world and address local issues and language/cultural dimensions.
World Congress
The ISF's annual global conference is called the "Annual World Congress", and it takes place in a different city each year. In 2007 the conference was held in Cape Town, South Africa. The typically 2 1/2 day conference includes plenary sessions by leaders in
information security , personal development, practical workshops conducted by member organizations, and a substantial evening social program. The program focuses on information-security practitioners; the participation of vendors is limited to an exhibition area and a few invited speakers.Web portal (MX)
The ISF's extranet portal, "Member Exchange" (also MX or MX²) allows members to directly access all ISF materials, including member presentations, and also includes messaging forums, contact information, webcasts, and other data for member use.
Leadership
The members of the ISF, through the regional chapters, elect a Council to develop its work program. The Council elects an "Executive" group that is responsible for financial and strategic objectives. In 2008, the ISF named
Howard Schmidt to serve as the Forum's president.ee also
"See for a list of all computing and information-security related articles".
*Standard of Good Practice
*Information Systems Audit and Control Association
*International Organization for Standardization
*SANS Institute
*Gartner External links
* [http://www.securityforum.org The Information Security Forum]
* [http://www.isfsecuritystandard.com The Standard of Good Practice]
Wikimedia Foundation. 2010.
