Press Release - Information Security Principles for Practitioners

Press Release | 15 December 2010

Leading security organisations join forces to launch first set of principles for information security

ISF, (ISC)² and ISACA jointly promote positive behaviour, personal practice in information security

Three of the leading global security organisations have launched the first information security principles designed to promote good practice in information security. The Information Security Forum (ISF), (ISC)² and ISACA have joined forces to develop a set of 12 independent, non-proprietary principles that will help security practitioners respond more effectively to the changing needs of organisations in today's complex, interconnected world. The emerging role of information security as integral to improved corporate governance, regulatory compliance and risk assessment has prompted the need for clear guidelines that are relevant to the business landscape and agreed to by the key players in the security profession. The principles will help individuals support business objectives, defend their organisations from risk, and promote responsible security behaviour within it.

"There are other standards and frameworks around like SOGP, COBIT and ISO27002, which are all aimed at organisations, but we were clear that we wanted these principles to be unique, practical and more like a code of conduct for individuals to adopt," according to Jason Creasey, Global Alliances Leader, ISF. "The business environment is changing, and we need to be much more risk-focused when it comes to rapidly evolving threats. Information security, which for many years was not a priority, has now been elevated up the corporate agenda, but it is the responsibility of the entire business, not just security practitioners, to be vigilant and responsive."

"These principles, which ISF has spearheaded over the past 12 months, will help align security more closely with essential business activities and enable security practitioners to create a security-positive environment and better manage information risks."

"The security profession has to break away from its roots as an IT-focused discipline. While many organisations like our own have a code of ethics or guiding values for their membership, this set of principles offers professionals practical guidance on how to support business objectives. Our research confirms that the success of security within an enterprise is highly dependent upon how closely aligned it is with the business. What's more, these principles are accessible to everyone working in information security whatever their qualification or affiliation. Security professionals and their stakeholders now have a common framework for truly risk-based security management that all will be able to identify with. I expect that they will become an asset not only to professionals but businesses in general who will be able to refer to them as pillars of their good business practice," says John Colley, CISSP, Managing Director, EMEA, (ISC)².

According to Manuel Aceves, CISA, CISM, CGEIT, CRISC, CISSP, FCITSM, member of ISACA's Professional Standards Committee, "Because information security has become such an important business function, it is critical for information security professionals to develop sound business skills in addition to technical skills and knowledge. The 12 information security principles provide a guide to help those in the security profession add value to their organisations by successfully supporting the business and promoting good practices. They also are a good complement to ISACA's Business Model for Information Security (BMIS), which provides a breakthrough approach for describing the information security ecosystem and also a common language for information security and business management to improve information protection."

Available as a poster and downloadable from the ISF, (ISC)² and ISACA websites, the principles are aimed at all individuals working within the information security community, including those responsible for developing, supplying and managing security systems, and those influencing legal or regulatory requirements for security and others educating tomorrow's workforce.

"The principles have been produced to provide information security practitioners with a set of principles to govern their behaviour, objectives, approach and activities in order to promote good practice in information security."

Information Security Forum Limited · Press Release
Note: A two-page overview of the principles is also available from each organisation's website, which provides more information about the principles and the benefits of using them. ISF:

The 12 Principles

The 12 information security principles for information security practitioners are outlined under three main categories (support the business, defend the business, and promote responsible security behaviour), with an objective and detailed description for each principle:

A. Support the business
A1 Focus on the business
A2 Deliver quality and value to stakeholders
A3 Comply with relevant legal and regulatory requirements
A4 Provide timely and accurate information on security performance
A5 Evaluate current and future information threats
A6 Promote continuous improvement in information security

B. Defend the business
B1 Adopt a risk-based approach
B2 Protect classified information
B3 Concentrate on critical business applications
B4 Develop systems securely

C. Promote responsible security behaviour
C1 Act in a professional and ethical manner
C2 Foster a security-positive culture

More information

Further information about the ISF, (ISC)² and ISACA can be found on their official websites below:
· ISF:
· (ISC)²:
· ISACA:

Reference: ISF 10 PR 10 Copyright © 2010


For press information please contact: Lesley Booth Six Degrees Limited Tel: +44 (0)1628 480 280 E-mail: [email protected]
