Search

NR Lab

how to find software solutions for your security needs

According to Wikipedia:”The Standard of Good Practice (SoGP) is a detailed documentation of identified good practices in information security. First released in 1996, the Standard is published and revised every two or three years by the Information Security Forum (ISF), an international association of organizations in financial services, manufacturing, consumer products, telecommunications, government, and other areas. The Standard is available free of charge for non-commercial use from the ISF, whereas other ISF reports and tools are generally available only to member organizations.”The Standard is divided into six different categories:

• Computer Installations: Considers how computer service requirements are identified and how the computers are set up
• Networks: Considers how network needs are identified and how networks are set up and run
• Critical Business Applications: Focuses on security requirements of business applications and the risks involved
• End-User Environment: Considers issues of user education and awareness, along with how business and workstation applications are used
• Systems Development: Determines how business systems are designed to meet different requirements
• Security Management: Discusses the ways in which good information security practices are promoted and resources are distributed

Users can access the standard online at www.isfsecuritystandard.com. The last update was in 2007, but a new one is expected sometime this year. Other cyber security standards include ISO/IEC 27002 (published by the International Organization for Standardization and the International Electrotechnical Commission); all those published by the North American Electric Reliability Corporation (NERC); and the standards of the National Institute of Standards and Technology (NIST).