The update, said the forum, includes new content, structure and information updates and covers four main categories: security governance, security requirements, control framework and monitoring and improvement. Among the 118 separate topics covered, there are frequent illustrations of how the 2011 Standard can be applied in practice.
According to the ISF, the 2011 Standard is designed to help organisations meet the requirements of any of the world’s recognized information security standards, including ISO, COBIT, NIST, PCI/DSS and ITIL.
The 2011 Standard, the forum noted, complements these with a wealth of content drawn from ISF projects and input from ISF members. Unlike other industry standards, it covers new current information security topics such as cloud computing, social networking, data storage, digital rights management and virtualization, and provides greater depth and guidance for existing topics such information leakage protection, external supplier management process, access control mechanisms, business continuity strategy and security audit management.
Announcing the Standard, Michael de Crespigny, the ISF's CEO, said that the 2011 Standard sits at the heart of our membership offering and is maintained through its research program.
“Many organizations use it as a core part of their business cycle for managing information risk, for example as the basis for their organization-wide information security policy to support important compliance activities, and to benchmark their practices against peers”, he said.
"One of the biggest improvements in the 2011 Standard is the new modular structure – based around intuitive, business-oriented information security topics. This makes it easier for users to customize, automate and cross-reference the standard and other relevant materials”, he added.
Details of the 2011 Standard will be posted today to the ISF website.