The Standard of Good Practice for Information Security

Today I came across The Standard of Good Practice for Information Security, which has been produced by the Information Security Forum (ISF), an international association of over 260 leading organisations which fund and co-operate in the development of a practical research programme in information security.

The ISF’s work probably represents the most comprehensive and integrated set of material anywhere in the world in the area of information risk management.

The main aspects of security which are covered by the standard are:

  • Security Management – Security management at enterprise level.
  • Critical Business Applications – A business application that is critical to the success of the enterprise.
  • Computer Installations – A computer installation that supports one or more business applications.
  • Networks – A network that supports one or more business applications.
  • Systems Development – A systems development unit/department or a particular systems development project.

An examination of the main sections of The Standard of Good Practice will show that it covers the entire spectrum of arrangements that need to be made to keep the business risks associated with information systems within acceptable limits. It is a major tool in improving the quality and efficiency of security controls applied by an organisation.

You can get it for free (reg. required) here
