IT Security Organizations Launch First Set Of Information Security Principles

Three leading global security organizations have launched the first information security principles designed to promote good practice in information security. The Information Security Forum (ISF), International Information Systems Security Certification Consortium (ISC)2 and ISACA have developed 12 independent, non-proprietary principles that will help security practitioners respond more effectively in today’s complex, interconnected world.

“There are other standards and frameworks around like SOGP, COBIT and ISO27002, which are all aimed at organizations, but we were clear that we wanted these principles to be unique, practical and more like a code of conduct for individuals to adopt”

The emerging role of information security in improved governance, regulatory compliance and risk assessment has prompted the need for clear, relevant guidelines. The principles will help individuals support business objectives, manage their organizational risk and promote responsible security behavior.

“There are other standards and frameworks around like SOGP, COBIT and ISO27002, which are all aimed at organizations, but we were clear that we wanted these principles to be unique, practical and more like a code of conduct for individuals to adopt,” said Jason Creasey, Global Alliances Leader, ISF.

While information security has been added to many corporate agendas, the entire business -- not just security practitioners -- should be vigilant and responsive.

“The security profession has to break away from its roots as an IT-focused discipline. These principles are accessible to everyone working in information security whatever their qualification or affiliation. Security professionals and their stakeholders now have a common framework for truly risk-based security management that all will be able to identify with,” said John Colley, CISSP, Managing Director, EMEA, (ISC)2.

According to Manuel Aceves, CISA, CISM, CGEIT, CRISC, CISSP, FCITSM, member of ISACA’s Professional Standards Committee, “Because information security has become such an important business function, it is critical for information security professionals to develop sound business skills in addition to technical skills and knowledge. The information security principles provide a guide to help those in the security profession add value to their organizations by successfully supporting the business and promoting good practices. They also are a good complement to ISACA’s Business Model for Information Security (BMIS), which provides a breakthrough approach for describing the information security ecosystem and a common language for information security and business management to improve information protection.”

Available as a poster and downloadable from the ISF, (ISC)² and ISACA websites -- http://www.isaca.org/security-principles --  the principles are aimed at individuals working in information security, including those who develop, supply and manage security systems; influence legal or regulatory requirements for security; and educate tomorrow’s workforce. They have three categories -- support the business, defend the business, and promote responsible security behavior.

 

 

Featured

  • CISA Kicks Off 20th Anniversary of Cybersecurity Awareness Month

    CISA Kicks Off 20th Anniversary of Cybersecurity Awareness Month

    The Cybersecurity and Infrastructure Security Agency (CISA) recently announced the kickoff of the 20th Cybersecurity Awareness Month. Throughout October, CISA and the National Cybersecurity Alliance (NCA) will focus on ways to “Secure Our World” by educating the public on how to stay safe online. Read Now

  • Cybersecurity Awareness Month: Top Five Action Items to Elevate Your Data Security Posture Management and Secure Your Data

    October is Cybersecurity Awareness Month, and every year most tips for security hygiene and staying safe have not changed. We’ve seen them all – use strong passwords, deploy multi-factor authentication (MFA), be vigilant to spot phishing attacks, regularly update software and patch your systems. These are great recommended ongoing tips and are as relevant today as they’ve ever been. But times have changed and these best practices can no longer be the bare minimum. Read Now

  • Boosting Safety and Efficiency

    Boosting Safety and Efficiency

    In alignment with the state of Mississippi’s mission of “Empowering Mississippi citizens to stay connected and engaged with their government,” Salient's CompleteView VMS is being installed throughout more than 150 state boards, commissions and agencies in order to ensure safety for thousands of constituents who access state services daily. Read Now

  • Live From GSX: Post-Show Review

    Live From GSX: Post-Show Review

    This year’s Live From GSX program was a rousing success! Again, we’d like to thank our partners, and IPVideo, for working with us and letting us broadcast their solutions to the industry. You can follow our Live From GSX 2023 page to keep up with post-show developments and announcements. And if you’re interested in working with us in 2024, please don’t hesitate to ask about our Live From programs for ISC West in March or next year’s GSX. Read Now

    • Industry Events
    • GSX

Featured Cybersecurity

New Products

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols. 3

  • XS4 Original+

    XS4 Original+

    The SALTO XS4 Original+ design is based on the same proven housing and mechanical mechanisms of the XS4 Original. The XS4 Original+, however, is embedded with SALTO’s BLUEnet real-time functionality and SVN-Flex capability that enables SALTO stand-alone smart XS4 Original+ locks to update user credentials directly at the door. Compatible with the array of SALTO platform solutions including SALTO Space data-on-card, SALTO KS Keys as a Service cloud-based access solution, and SALTO’s JustIn Mobile technology for digital keys. The XS4 Original+ also includes RFID Mifare DESFire, Bluetooth LE and NFC technology functionality. 3

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area. 3