Information Security Forum

The Information Security Forum (ISF) is an international, independent, not-for-profit organization dedicated to benchmarking and best practices in information security. It was established in 1989 as the European Security Forum but expanded its mission and membership in the 1990s, so that it now includes hundreds of members, including a large number of Fortune 500 companies, from North America, Asia, and other locations around the world. Groups of members are organized as "chapters" throughout Europe, Africa, Asia, the Middle East, and North America. The ISF is headquartered in London, England, but also has staff based in New York City.

The membership of the ISF is international and includes large organizations in transportation, financial services, chemical/pharmaceutical, manufacturing, government, retail, media, telecommunications, energy, transportation, professional services, and other sectors.

In addition to the benchmarking program, the ISF runs regional chapter meetings, topical workshops, a large annual conference (called the "World Congress"), and develops and publishes research reports and tools addressing a wide variety of subjects. Its research agenda is driven entirely by its member organizations, who govern all ISF activities.

Primary deliverables

The ISF delivers and range of content, activities, and tools, which are summarized below.

The ISF is a paid membership organization, although the Standard of Good Practice is available for free. From time to time, the ISF makes other research documents available for free. In the past, the ISF has given away a comprensive checklist on Windows server security and a report entitled "The Disappearance of the Network Boundary". Other products and service are included in the membership fee.

The Standard of Good Practice

Every two years, the ISF revises and publishes the Standard of Good Practice, a detailed documentation of best practices in information security, based on research and a comprehensive benchmarking program that has captured security behavior and detailed incident data for many years.

Research projects

Based on member input, the ISF selects a number of topics for research in a given year. The research includes interviewing member and non-member organizations and thought leaders, academic researchers, and other key individuals, as well as examining the range of approaches to the issue. The resulting reports typically go into depth describing the issue generally, outlining the key information security issues to be considered, and proposing a process to address the issue, based on best practices.

Methodologies and tools

For broad, fundamental areas, such as information risk assessment, or return-on-investment calculations, the ISF will develop comprehensive methodoligies that formalize the approaches to these issues. Supporting the methodology, the ISF supplies Web-based and spreadsheet-based tools to automate these functions.

Benchmarking program

Formerly called the "Information Security Status Survey," the ISF conducts a biannual benchmarking exercise that comprehensively examines the information-security practices of participants in all the areas addressed by the Standard of Good Practice (although participants need not adhere to the Standard in order to participate in the benchmarking). The results include detailed information on how responses compare (anonymously) to other participants. The results system allows for detailed analysis, factoring in market sector, subject scope, organizational measures (such as number of employees or revenue), and other elements.


Regional chapter meetings and other activities provide for face-to-face networking among peers in differing organizations. The ISF encourages direct member-to-member contact to address individual member questions and to strengthen relationships. Chapter meetings and other activities are conducted around the world and address local issues and language/cultural dimensions.

World Congress

The ISF's annual global conference is called the "Annual World Congress", and it takes place in a different city each year. In 2007 the conference was held in Cape Town, South Africa. The typically 2 1/2 day conference includes plenary sessions by leaders in information security, personal development, practical workshops conducted by member organizations, and a substantial evening social program. The program focuses on information-security practitioners; the participation of vendors is limited to an exhibition area and a few invited speakers.

Web portal (MX)

The ISF's extranet portal, "Member Exchange" (also MX or MX²) allows members to directly access all ISF materials, including member presentations, and also includes messaging forums, contact information, webcasts, and other data for member use.


The members of the ISF, through the regional chapters, elect a Council to develop its work program. The Council elects an "Executive" group that is responsible for financial and strategic objectives. In 2008, the ISF named Howard Schmidt to serve as the Forum's president.

ee also

"See for a list of all computing and information-security related articles".
*Standard of Good Practice
*Information Systems Audit and Control Association
*International Organization for Standardization
*SANS Institute

External links

* [ The Information Security Forum]
* [ The Standard of Good Practice]

Wikimedia Foundation. 2010.

Look at other dictionaries:

  • Information Security Forum — Pour les articles homonymes, voir ISF. Information Security Forum (ISF) est un organisme international et indépendant, créé en 1989. Son but est la recherche des bonnes pratiques dans le domaine de la sécurité de l information. Il regroupe… …   Wikipédia en Français

  • Information security — Components: or qualities, i.e., Confidentiality, Integrity and Availability (CIA). Information Systems are decomposed in three main portions, hardware, software and communications with the purpose to identify and apply information security… …   Wikipedia

  • Information Security Awareness Forum — The Information Security Awareness Forum was founded by the UK chapter of the Information Systems Security Association in 2008. Its objective is to create a co ordinated cross industry / cross institution approach for delivering security… …   Wikipedia

  • Information security management system — An Information Security Management System (ISMS) is, as the name suggests, a set of policies concerned with information security management. The idiom arises primarily out of ISO/IEC 27001.The key concept of ISMS is for an organization to design …   Wikipedia

  • Information security management system — Système de gestion de la sécurité de l information Un système de gestion de la sécurité de l information (en anglais : Information security management system, ou ISMS) est, comme son nom le suggère, un système de gestion concernant la… …   Wikipédia en Français

  • Georgia Tech Information Security Center — (GTISC) is a department of Georgia Tech that deals with information security issues such as cryptography, network security, trusted computing, software reliability, privacy, and internet governance. [cite… …   Wikipedia

  • Cardholder Information Security Program — The Cardholder Information Security Program (CISP) was a program established by Visa USA to ensure the security of cardholder information as it is being processed and stored by merchants and service providers. CISP has since been superseded by… …   Wikipedia

  • Security controls — are safeguards or countermeasures to avoid, counteract or minimize security risks. To help review or design security controls, they can be classified by several criteria, for example according to the time that they act, relative to a security… …   Wikipedia

  • Information assurance — (IA) is the practice of managing information related risks. More specifically, IA practitioners seek to protect and defend information and information systems by ensuring confidentiality, integrity, authentication, availability, and non… …   Wikipedia

  • Information privacy — Information privacy, or data privacy is the relationship between collection and dissemination of data, technology, the public expectation of privacy, and the legal and political issues surrounding them. Privacy concerns exist wherever personally… …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”

We are using cookies for the best presentation of our site. Continuing to use this site, you agree with this.