Standard of Good Practice

Standard of Good Practice

The "Standard of Good Practice" (SoGP) is a detailed documentation of best practice for information security. First released in 1996, the Standard is published and revised biannually by the Information Security Forum (ISF), an international best-practices association consisting of member organizations in financial services, manufacturing, consumer products, telecommunications, government, and other areas. The Standard is available free of charge for non-commercial use from the ISF, whereas other ISF reports and tools are generally available only to member organizations.

The Standard is developed from research and the actual practices of and incidents experienced by major organizations, incorporating the ISF's extensive research program, comprehensive benchmarking program, analysis of other standards and prevailing practices, and the direct feedback from and active involvement of ISF members. Its regular and relatively frequent update cycle (every two years) also allows it to keep up with technological developments and emerging threats. The Standard is used as the default governing document for information security behavior by many major organizations, by itself or in conjunction with other standards such as ISO/IEC 27002 or COBIT.

The Standard was updated most recently in February 2007 to include a new addition focusing on end-user environments. It also includes expanded sections on application security, risk assessment, and other subjects and new sections addressing regulatory compliance and evolving security issues arising out of the ISF's best-practices research and recommendations.

Organization

The Standard is broken into six categories, or "aspects". Computer Installations and Networks address the underlying IT infrastructure on which Critical Business Applications run. The End-User Environment covers the arrangements associated with protecting corporate and workstation applications at the endpoint in use by individuals. Systems Development deals with how new applications and systems are created, and Security Management addresses high-level direction and control.

The six aspects within the Standard are composed of a number of "areas", each covering a specific topic. An area is broken down further into "sections", each of which contains detailed specifications of information security best practice. Each statement has a unique reference. For example, SM41.2 indicates that a specification is in the Security Management aspect, area 4, section 1, and is listed as specification #2 within that section.

The Principles and Objectives part of the Standard provides a high-level version of the Standard, by bringing together just the "principles" (which provide an overview of what needs to be performed to meet the Standard) and "objectives" (which outline the reason why these actions are necessary) for each section.

The published Standard also includes an extensive topics matrix, index, introductory material, background information, suggestions for implementation, and other information.

ee also

"See for a list of all computing and information-security related articles".
* Best practice
*COBIT
*Committee of Sponsoring Organizations of the Treadway Commission (COSO)
*Cyber security standards
* Information security
*Information Security Forum
*ISO 17799
*ISO/IEC 27002
*Information Technology Infrastructure Library (ITIL)

External links

* [http://www.isfstandard.com The Standard of Good Practice]
*The [http://www.securityforum.org Information Security Forum]


Wikimedia Foundation. 2010.

Игры ⚽ Нужна курсовая?

Look at other dictionaries:

  • Good manufacturing practice — or GMP are practices and the systems required to be adapted in pharmaceutical manufacturing, quality control, quality system covering the manufacture and testing of pharmaceuticals or drugs including active pharmaceutical ingredients, diagnostics …   Wikipedia

  • practice — prac‧tice [ˈprækts] noun 1. [uncountable] the work done by a particular profession, especially lawyers or doctors who are working for themselves rather than a public organization: • Mr. Barr returned to private law practice in the mid 1990s. •… …   Financial and business terms

  • practice — prac|tice W1S2 [ˈpræktıs] n ▬▬▬▬▬▬▬ 1¦(a skill)¦ 2 in practice 3¦(something done often)¦ 4¦(doctor/lawyer)¦ 5 be common/standard/normal practice 6 good/best/bad practice 7 put something into practice 8 be out of practice 9 practice makes perfect… …   Dictionary of contemporary English

  • practice — {{Roman}}I.{{/Roman}} noun 1 actual doing of sth VERB + PRACTICE ▪ put sth into ▪ I can t wait to put what I ve learned into practice. PREPOSITION ▪ in practice ▪ …   Collocations dictionary

  • standard — stan|dard1 W2S3 [ˈstændəd US ərd] n ▬▬▬▬▬▬▬ 1¦(level of quality/achievement)¦ 2¦(moral principles)¦ 3¦(measurement)¦ 4¦(song)¦ 5¦(flag)¦ ▬▬▬▬▬▬▬ [Date: 1100 1200; : Old French; Origin: estandard battle flag ] 1.) ¦(LE …   Dictionary of contemporary English

  • Good Automated Manufacturing Practice — Der „Good Automated Manufacturing Practice Supplier Guide for Validation of Automated Systems in Pharmaceutical Manufacture“ (kurz: GAMP) wurde 1995 vom UK Pharmaceutical Industry Computer Validation Forum veröffentlicht. Dieser Leitfaden hat… …   Deutsch Wikipedia

  • practice — noun 1 A SKILL a) (U) regular activity that you do in order to improve a skill: It takes hours of practice to learn to play the guitar. | With a little more practice you should be able to pass your test. b) (C) a period of time you spend training …   Longman dictionary of contemporary English

  • practice — prac|tice1 [ præktıs ] noun *** 1. ) count or uncount occasions when you do something in order to become better at it, or the time you spend doing this: You will become a faster typist with practice. Waylans broke his wrist during practice and… …   Usage of the words and phrases in modern English

  • practice — I UK [ˈpræktɪs] / US noun Word forms practice : singular practice plural practices *** Get it right: practice: Don t confuse practice (a noun) with practise (a verb). These two words sound exactly the same: Wrong: Soldiers had only a few days in… …   English dictionary

  • Standard conditions for temperature and pressure — Not to be confused with Standard state. In chemistry, standard condition for temperature and pressure (informally abbreviated as STP) are standard sets of conditions for experimental measurements, to allow comparisons to be made between different …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”