Virtualization Technology News and Information
Information Security Forum Teams with NIST to Create Online Informative References
The Information Security Forum (ISF), a trusted resource for executives and board members on cyber security and risk management, today announced that the organization has been working with the United States National Institute of Standards and Technology (NIST) as part of a pilot project to create Online Informative References (OLIRs) between information security standards and the NIST Cybersecurity Framework (CSF). As part of this pilot scheme, the ISF has produced an OLIR between the ISF's Standard of Good Practice for Information Security 2018 (The Standard) and the NIST CSF Version 1.1.

"Many security practitioners are overwhelmed with recommendations on how to provide cyber security from the media, vendors, standards bodies and more," said Steve Durbin, Managing Director, ISF. "The ISF, the Standard and this OLIR provide a practical and clear path in how to adopt and use the CSF and, in doing so, tackle many other challenges associated with cyber security and information risk management. Current and potential ISF Members can demonstrate to business executives, supply chain partners, customers and other parties how adoption and implementation of the Standard both meets, and exceeds, the requirements set out in the CSF."

From security practitioners to business leaders, in all industry sectors across the globe, the CSF has received growing attention as a tool for tackling cyber threats. The OLIR between The Standard and the CSF links 87 of the 131 Information Security topics found in The Standard to all 108 subcategories in the CSF. These links are designed for practitioners who currently utilize or are considering The Standard and would like to understand how the activities that they undertake can help them achieve the outcomes described by each subcategory. The remaining 44 topics in The Standard that are not linked to CSF subcategories cover areas of Information Security not directly found within the CSF, such as system development criteria or audit processes. Additional details on the coverage of the CSF Subcategories can be found in the OLIR document.

"Managing risk is essential for organizations to deliver their strategies, initiatives and goals. Therefore, information risk management is relevant only if it enables organizations to achieve these objectives, ensuring it is well-positioned to succeed and is resilient to unforeseen events, such as those caused by advanced cyber-attacks," continued Durbin. "The ISF maintains an Informative Reference between the NIST Cybersecurity Framework 1.1 and The Standard - a respected resource that is already implemented by many global organizations. This latest update provides security professionals with assurance of how implementing The Standard meets the expectations of the CSF, as with other international and industry standards and frameworks."

The Standard addresses the rapid pace at which threats and risks evolve and an organization's need to respond to escalating security threats from activities such as cybercrime, 'hacktivism', insider threats and espionage. The Standard is used widely across ISF membership, which consists of many of the leading Fortune 500 and Forbes 2000 global companies. While the Standard has been designed with large organizations in mind, it is equally applicable to individual business units as well as small to medium-sized businesses (SMBs).

Updated on a biennial basis to reflect the latest findings from the ISF's research program, input from global ISF member organizations, trends from the ISF Benchmark and major external developments including new legislation and other requirements, The Standard is business-friendly and used by many global organizations as their primary reference for information security. The Standard provides comprehensive controls and guidance on current and emerging information security topics enabling organizations to respond to the rapid pace at which threats, technology and risks evolve.

The ISF will be launching the latest edition of The Standard in 2020. The most recent version addresses topics such as Agile development, Industrial Control Systems and the EU General Data Protection Regulation (GDPR). Available at no cost to ISF member companies, The Standard can also be purchased by non-members. For more information on The Standard or any aspect of the ISF, please visit the ISF website.

Published Wednesday, October 23, 2019 3:03 PM by David Marshall