Happy Halloween Archer Community members! We are very pleased to announce the Information Security Forum 2013 Standard of Good Practice as the latest addition to the Archer content library.
RSA has been pleased to share a relationship with the ISF for several years both as a member and as the only GRC vendor to offer the venerable Standard of Good Practice. As it’s grown in popularity, each version of “the Standard” has evolved in comprehensive security coverage and this latest round raises the bar once again. Here at Archer we’ve responded in kind by completely reworking the content presentation to make the Standard more useful than ever before. This improved granularity resulted in nearly 8,900 discreet mappings to Archer Control Standards!
If you like ISO 27002 then you’ll love the ISF Standard of Good Practice. In addition to providing complete coverage across all ISO/IEC 27002 topics, the ISF SoGP’s expanded coverage includes:
- Cloud computing and privacy
- Supply Chain
- Consumer devices and BYOD
- Cybercrime attacks
- Critical infrastructure
Plus the Standard also overlaps COBIT 5, SANS 20, DSD Top 35, UK Top 10, and PAS 555.
The structure of the Standard is organized under four basic categories which extend to 26 Areas and 188 Topics (see figure below). The Standard is further bolstered by the underlying ISF Security Model that provides a basis for addressing information security needs by defining a balanced set of tools and methods that intersect basic GRC concepts with the people, processes, and technology embedded in the organization.
The Information Security Forum is an international member-driven organization with several regional networks and more than a dozen local chapters in place. Over half its members are included on the Fortune 500 and Forbes 2000 listings. Other member organizations include public sector bodies, government departments, and some of the world’s largest international corporations. Local chapter events are held throughout the year and every November the ISF hosts its “World Congress”, the ISF flagship global event. Held in a different city each year, 2013 marks the 24th annual Congress which begins in just a few days on November 2nd in Paris.
Like most other things membership has its privilege. ISF membership offers a unique private forum for security professionals to collaborate and further the practice of information security. In addition to the local and international events, membership provides access to the ISF Standard of Good Practice and the ability to benchmark security performance against other member organizations in a confidential and useful way. Other resources such as IRAM, the ISF’s risk assessment methodology and the ISF Live social business website are also available to members in good standing.
I highly encourage you to explore the ISF and consider having your organization join its member ranks. If you’re already a member and happen to be attending World Congress in Paris this year then please stop by the RSA booth and check out the latest version of the Standard of Good Practice in Archer.
Archer content import packs for the 2013 Standard of Good Practice for Information Security are available to ISF members through Customer Support.