
Author: Fenrijar Torr
Country: El Salvador
Language: English (Spanish)
Genre: Career
Published (Last): 13 July 2016
Pages: 216
ISBN: 912-8-77469-983-3

The Standard of Good Practice for Information Security, published by the Information Security Forum (ISF), is a business-focused, practical and comprehensive guide to identifying and managing information security risks in organizations and their supply chains.

The Standard is the most significant update of the standard for four years. It includes information security ‘hot topics’ such as consumer devices, critical infrastructure, cybercrime attacks, office equipment, spreadsheets and databases and cloud computing. The Standard is available free of charge to members of the ISF. Non-members are able to purchase a copy of the standard directly from the ISF.

The Standard has historically been organized into six categories, or aspects.


The End-User Environment covers the arrangements associated with protecting corporate and workstation applications at the endpoint in use by individuals. Systems Development deals with how new applications and systems are created, and Security Management addresses high-level direction and control. The Standard is now primarily published in a simple “modular” format that eliminates redundancy.

For example, the various sections devoted to security audit and review have been consolidated. The six aspects within the Standard are composed of a number of areas, each covering a specific topic. Each area is broken down further into sections, each of which contains detailed specifications of information security best practice. Each statement has a unique reference.


The Principles and Objectives part of the Standard provides a high-level version of the Standard, by bringing together just the principles (which provide an overview of what needs to be performed to meet the Standard) and objectives (which outline the reason why these actions are necessary) for each section.

The published Standard also includes an extensive topics matrix, index, introductory material, background information, suggestions for implementation, and other information.


The target audience of the SM aspect will typically include: Heads of information security functions; Information security managers or equivalent; IT auditors. The commitment provided by top management to promoting good information security practices across the enterprise, along with the allocation of appropriate resources. Security management arrangements within: A group of companies or equivalent; Part of a group e.

A business application that is critical to the success of the enterprise. The target audience of the CB aspect will typically include: Owners of business applications; Individuals in charge of business processes that are dependent on applications; Systems integrators; Technical staff, such as members of an application support team. The security requirements of the application and the arrangements made for identifying risks and keeping them within acceptable levels. Critical business applications of any: Type including transaction processing, process control, funds transfer, customer service, and workstation applications; Size e.

The target audience of the CI aspect will typically include: Owners of computer installations; Individuals in charge of running data centers; IT managers; Third parties that operate computer installations for the organization; IT auditors. How requirements for computer services are identified; and how the computers are set up and run in order to meet those requirements. Of all sizes including the largest mainframe, server-based systems, and groups of workstations; Running in specialized environments e.

A network that supports one or more business applications. The target audience of the NW aspect will typically include: Heads of specialist network functions; Network managers; Third parties that provide network services e.g. Internet service providers; IT auditors. How requirements for network services are identified; and how the networks are set up and run in order to meet those requirements. Any type of communications network, including:

A systems development unit or department, or a particular systems development project. The target audience of the SD aspect will typically include: Heads of systems development functions; System developers; IT auditors. How business requirements including information security requirements are identified; and how systems are designed and built to meet those requirements. Development activity of all types, including: Projects of all sizes ranging from many worker-years to a few worker-days; Those conducted by any type of developer e.

The target audience of the UE aspect will typically include: Business managers; Individuals in the end-user environment; Local information-security coordinators; Information-security managers or equivalent. The arrangements for user education and awareness; use of corporate business applications and critical workstation applications; and the protection of information associated with mobile computing. Of any type e.
