Misplaced Pages

Information Security Forum

Article snapshot taken from Wikipedia with creative commons attribution-sharealike license.

The Information Security Forum (ISF) is an independent information security body.


The ISF delivers a range of content, activities, and tools. The ISF is a paid membership organisation: all its products and services are included in the membership fee. From time to time, the ISF makes research documents and other papers available to non-members. The ISF released the updated Standard of Good Practice for Information Security in 2018. The Standard is available to ISF members and non-members, who can purchase copies of

A comprehensive and effective information security management system. In addition to covering information security-related standards such as COBIT 5 for Information Security, The CIS Critical Security Controls for Effective Cyber Defense, the 2016 standard covers ISO/IEC 27002 as well as PCI DSS 3.1 and the NIST Cybersecurity Framework. Based on member input, the ISF selects a number of topics for research in

A given year. The research includes interviewing member and non-member organizations and thought leaders, academic researchers, and other key individuals, as well as examining a range of approaches to the issue. The resulting reports typically go into depth describing the issue generally, outlining the key information security issues to be considered, and proposing a process to address the issue, based on best practices. For broad, fundamental areas, such as information risk assessment or return-on-investment calculations,

A need for a centralized source of information and guidance in the field. In 1969, Stuart Tyrnauer, an employee of the (later) Douglas Aircraft Company, incorporated the group as the EDP Auditors Association (EDPAA). Tyrnauer served as the body's founding chairman for the first three years. In 1976 the association formed an education foundation to undertake large-scale research efforts to expand

A new logo. ISACA currently serves more than 170,000 constituents (members and professionals holding ISACA certifications) in more than 180 countries. Members' job titles include IS auditor, consultant, educator, IS security professional, regulator, chief information officer, chief information security officer and internal auditor. They work in nearly all industry categories. There

Is a framework created by ISACA for information technology (IT) management and IT governance. The framework is business focused and defines a set of generic processes for the management of IT, with each process defined together with process inputs and outputs, key process-activities, process objectives, performance measures and an elementary maturity model. Business and IT goals are linked and measured to create responsibilities of business and IT teams. Five processes are identified: Evaluate, Direct and Monitor (EDM); Align, Plan and Organize (APO); Build, Acquire and Implement (BAI); Deliver, Service and Support (DSS); and Monitor, Evaluate and Assess (MEA). The COBIT framework ties in with COSO, ITIL, BiSL, ISO 27000, CMMI, TOGAF and PMBOK. The framework helps companies follow the law, be more agile and earn more. Below are COBIT components: The standard meets all

Is a network of ISACA chapters with more than 225 chapters established in over 180 countries. Chapters provide education, resource sharing, advocacy, networking and other benefits. The CSX-P, ISACA's first cybersecurity certification, was introduced in the summer of 2015. It is one of the few certifications that require the individual to work in a live environment, with real problems, to obtain

Is almost ideal in its characteristics. COBIT was initially "Control Objectives for Information and Related Technologies," though before the release of the framework people talked of "CobiT" as "Control Objectives for IT" or "Control Objectives for Information and Related Technology." ISACA first released COBIT in 1996, originally as a set of control objectives to help the financial audit community better maneuver in IT-related environments. Seeing value in expanding

Is known as the Information Systems Audit and Control Association, although ISACA now goes by its acronym only. ISACA currently offers 8 certification programs, as well as other micro-certificates. ISACA originated in the United States in 1967, when a group of individuals working on auditing controls in computer systems started to become increasingly critical of the operations of their organizations. They identified

The Business Model for Information Security (BMIS). ISACA currently offers certification tracks on both COBIT 2019 (COBIT Foundations, COBIT Design & Implementation, and Implementing the NIST Cybersecurity Framework Using COBIT 2019) as well as certification in the previous version (COBIT 5). ISACA ISACA is an international professional association focused on IT (information technology) governance. On its IRS filings, it

The Benchmark service at any time and can use the web-based tool to assess their security performance across a range of different environments, compare their security strengths and weaknesses against other organizations, and measure their performance against the ISF's 2016 Standard of Good Practice, ISO/IEC 27002:2013, and COBIT version 5 for information security. The Benchmark provides a variety of data export functionality that can be used for analyzing and presenting data for management reporting and


The ISF develops comprehensive methodologies that formalize the approaches to these issues. Supporting the methodology, the ISF supplies web and spreadsheet-based tools to automate these functions. The ISF's Benchmark (formerly called the 'Information Security Status Survey') has a well-established pedigree – harnessing the collective input of hundreds of the world's leading organizations for over 25 years. Organizations can participate in

The ISF, through the regional chapters, elect a Council to develop its work program and generally to represent member interests. The Council elects an 'Executive' group which is responsible for financial and strategic objectives. See Category:Computer security for a list of all computing and information-security related articles. COBIT COBIT (Control Objectives for Information and Related Technologies)

The creation of security improvement programs. It is updated on a biennial basis to align with the latest thinking in information security and provide the ISF Members with improved user experiences and added value. Regional chapter meetings and other activities provide for face-to-face networking among individuals from ISF member organisations. The ISF encourages direct member-to-member contact to address individual questions and strengthen relationships. Chapter meetings and other activities are conducted around

The framework beyond just the auditing realm, ISACA released a broader version 2 in 1998 and expanded it even further by adding management guidelines in 2000's version 3. The development of both the AS 8015: Australian Standard for Corporate Governance of Information and Communication Technology in January 2005 and the more international draft standard ISO/IEC DIS 29382 (which soon after became ISO/IEC 38500) in January 2007 increased awareness of

The knowledge of and value accorded to the fields of governance and control of information technology. The association became the Information Systems Audit and Control Association in 1994. By 2008 the organization had dropped its long title and branded itself as ISACA. In March 2016, ISACA bought the CMMI Institute, which is behind the Capability Maturity Model Integration. In January 2020, ISACA updated and refreshed its look and digital presence, introducing

The need for more information and communication technology (ICT) governance components. ISACA inevitably added related components/frameworks with versions 4 and 4.1 in 2005 and 2007 respectively, "addressing the IT-related business processes and responsibilities in value creation (Val IT) and risk management (Risk IT)." COBIT 5 (2012) is based on COBIT 4.1, Val IT 2.0 and Risk IT frameworks, and draws on ISACA's IT Assurance Framework (ITAF) and

The needs of the practice, while maintaining independence from specific manufacturers, technologies and platforms. When developing the standard, it was possible to use it both for auditing a company's IT system and for designing an IT system. In the first case, COBIT allows you to determine the degree of conformity of the system under study to the best examples, and in the second, to design a system that

The report. The 2018 Standard represents an update on the 2016 release of the Standard, and builds upon the previous release to include the most up-to-date controls, approaches and thought leadership in information security. The standard is a business-focused, practical and comprehensive guide available for identifying and managing information security risks in organizations. The 2016 standard covers current information security 'hot topics' such as Threat Intelligence, Cyber Attack Protection and Industrial Control Systems, as well as significant enhancement of existing topics including Information Risk Assessment, Security Architecture and Enterprise Mobility Management. It can be used to build

The world and address local issues and language/cultural dimensions. The ISF's annual global conference, the 'World Congress', takes place in a different city each year. The 2017 conference will take place in October in Cannes, France. The event offers an opportunity for attendees to discuss and find solutions to current security challenges, and gain practical advice from peers and leading industry experts from around

The world. Over 1,000 global senior executives attend. The event includes a series of keynote presentations, workshops and networking sessions, best practices and thought leadership in a confidential peer-group environment. The ISF's extranet portal, ISF Live, enables members to directly access all ISF materials, including member presentations, messaging forums, contact information, webcasts, online tools, and other data for member use. The members of
