Security standards introduced by joint venture of ISF, ISACA and (ISC)²
The Information Security Forum (ISF), ISACA and (ISC)² have combined to launch a set of principles for security professionals to help them respond more effectively to current business pressures.
The 12 principles are driven by risk, governance and greater regulatory compliance and according to the organisations, will help security practitioners respond more effectively to the changing needs of organisations in today's complex, interconnected world.
They said that the principles will help individuals support business objectives, defend their organisations from risk and promote responsible security behaviour within it.
John Colley, managing director EMEA at (ISC)², said: “The security profession has to break away from its roots as an IT-focused discipline. While many organisations like our own have a code of ethics or guiding values for their membership, this set of principles offers professionals practical guidance on how to support business objectives.
“These principles are accessible to everyone working in information security whatever their qualification or affiliation. Security professionals and their stakeholders now have a common framework for truly risk-based security management that all will be able to identify with.”
Jason Creasey, global alliances leader at the ISF, said: “There are other standards and frameworks around like SOGP, COBIT and ISO 27002, which are all aimed at organisations, but we were clear that we wanted these principles to be unique, practical and more like a code of conduct for individuals to adopt.
“The business environment is changing, and we need to be much more risk-focused when it comes to rapidly evolving threats. Information security, which for many years was not a priority, has now been elevated up the corporate agenda, but it is the responsibility of the entire business, not just security practitioners, to be vigilant and responsive.”
Manuel Aceves, member of ISACA's professional standards committee, said: “Because information security has become such an important business function, it is critical for information security professionals to develop sound business skills in addition to technical skills and knowledge.
“The 12 information security principles provide a guide to help those in the security profession add value to their organisations by successfully supporting the business and promoting good practices.”