The Information Security Forum (ISF), a U.K.-based nonprofit group of more than 260 international corporate members from Adobe Systems to Zurich Financial Services, has released an updated version of The Standard of Good Practice for Information Security. This comprehensive standard allows organizations to measure the effectiveness of their security posture against an international benchmark. The latest version has added guidance on patch management and on mitigating threats posed by instant messaging. It has significantly updated sections on outsourcing, virus protection, and Web server security. Unlike most of ISF's 200 or so publications, which are available only to members, @ The Standard of Good Practice is available to the public for free.