IT Security Organizations Launch First Set Of Information Security Principles

Three leading global security organizations have launched the first information security principles designed to promote good practice in information security. The Information Security Forum (ISF), International Information Systems Security Certification Consortium (ISC)2 and ISACA have developed 12 independent, non-proprietary principles that will help security practitioners respond more effectively in today’s complex, interconnected world.

“There are other standards and frameworks around like SOGP, COBIT and ISO27002, which are all aimed at organizations, but we were clear that we wanted these principles to be unique, practical and more like a code of conduct for individuals to adopt”

The emerging role of information security in improved governance, regulatory compliance and risk assessment has prompted the need for clear, relevant guidelines. The principles will help individuals support business objectives, manage their organizational risk and promote responsible security behavior.

“There are other standards and frameworks around like SOGP, COBIT and ISO27002, which are all aimed at organizations, but we were clear that we wanted these principles to be unique, practical and more like a code of conduct for individuals to adopt,” said Jason Creasey, Global Alliances Leader, ISF.

While information security has been added to many corporate agendas, the entire business -- not just security practitioners -- should be vigilant and responsive.

“The security profession has to break away from its roots as an IT-focused discipline. These principles are accessible to everyone working in information security whatever their qualification or affiliation. Security professionals and their stakeholders now have a common framework for truly risk-based security management that all will be able to identify with,” said John Colley, CISSP, Managing Director, EMEA, (ISC)2.

According to Manuel Aceves, CISA, CISM, CGEIT, CRISC, CISSP, FCITSM, member of ISACA’s Professional Standards Committee, “Because information security has become such an important business function, it is critical for information security professionals to develop sound business skills in addition to technical skills and knowledge. The information security principles provide a guide to help those in the security profession add value to their organizations by successfully supporting the business and promoting good practices. They also are a good complement to ISACA’s Business Model for Information Security (BMIS), which provides a breakthrough approach for describing the information security ecosystem and a common language for information security and business management to improve information protection.”

Available as a poster and downloadable from the ISF, (ISC)² and ISACA websites -- http://www.isaca.org/security-principles --  the principles are aimed at individuals working in information security, including those who develop, supply and manage security systems; influence legal or regulatory requirements for security; and educate tomorrow’s workforce. They have three categories -- support the business, defend the business, and promote responsible security behavior.

 

 

Featured

  • Planning for Your Perimeter

    Planning for Your Perimeter

    The perimeter is an organization’s first line of defense and a critical element of any security and surveillance program. Even if a building’s interior or exterior security is strong, without a solid perimeter surveillance approach any company or business is vulnerable. Read Now

  • The Key Issue

    The Key Issue

    It is February 2014. A woman is getting ready in her room on a cruise ship when she hears a knock on the door; it is a crewmember delivering breakfast. She is not presentable so she tells him to leave it by the door. Read Now

  • Achieving Clear Communications

    Achieving Clear Communications

    Technology within the security industry has adapted to numerous changes through the years, from the early days of analog devices to today’s IP-based solutions, networked cameras, and access control solutions, in addition to analytics, cloud-based products, virtual security guards, and more. Read Now

  • Taking Flight

    Taking Flight

    Airport security is a complex system that incorporates multiple technologies to ensure the safety and security of travelers, employees and the facility itself. Sound-based technologies are integral pieces of this system, providing means of communication, notification and monitoring. Read Now

Featured Cybersecurity

New Products

  • BIO-key MobileAuth

    BIO-key MobileAuth

    BIO-key International has introduced its new mobile app, BIO-key MobileAuth™ with PalmPositive™ the latest among over sixteen strong authentication factors available for BIO-key's PortalGuard® Identity-as-a-Service (IDaaS) platform. 3

  • LiftMaster Garage Door Opener

    LiftMaster Garage Door Opener

    LiftMaster Transforms the Garage Door Opener Into a Sleek Smart Home Device That Does More Than Open and Close the Garage Door 3

  • LenelS2 BlueDiamond™ mobile app

    enelS2 has introduced its Indoor Location subscription-based service for businesses and other organizations using LenelS2’s BlueDiamond™ mobile app version 2.1.8 for smartphones. 3