The Standard of Good Practice for Information Security 2016 (the Standard) provides comprehensive controls and guidance on current and emerging information security topics, enabling organisations to respond to the rapid pace at which threats, technology and risks evolve.
Implementing the Standard helps organisations to:
– Identify how regulatory and compliance requirements can be met
– Respond to rapidly evolving threats, including sophisticated cyber security attacks, by using threat intelligence to increase cyber resilience
– Be agile and exploit new opportunities – while ensuring that associated information risks are managed to acceptable levels.
The latest edition of the Standard introduces topics such as Threat Intelligence, Cyber Attack Protection and Industrial Control Systems, as well as significant enhancement of existing topics, including Information Risk Assessment, Security Architecture and Enterprise Mobility Management.
The Standard, along with the ISF Benchmark (a comprehensive security control assessment tool), provides complete coverage of the topics set out in ISO/IEC 27002:2013, COBIT 5 for Information Security, NIST Cybersecurity Framework, CIS Top 20 Critical Security Controls for Effective Cyber Defense and Payment Card Industry Data Security Standard (PCI DSS) version 3.1.