Чаще всего, когда я решаю какие-либо менеджерские/процессные вопросы информационной безопасности и ищу вдохновения и хороших идей, то обращаюсь к стандартам и “лучшим практикам”. Чаще всего это ISO 27001/27002 и COBIT5 for Information Security. Но недавно коллега (спасибо, Евгений) подсказал еще один хороший документ – “ The ISF Standard of Good Practice for Information Security 2018 “.
“The ISF Standard of Good Practice for Information Security 2018 is the leading authority on information security.
The Standard’s comprehensive controls and coverage of current and emerging information security topics enable organisations to respond to the rapid pace at which threats, technology and risks evolve. Implementing the Standard helps organisations to:
– be agile and exploit new opportunities, while ensuring that associated information risks are kept within acceptable levels
– respond to rapidly evolving threats, including sophisticated cyber attacks, using threat intelligence…
