ISF STANDARD OF GOOD PRACTICE

The Information Security Forum (ISF) has developed the comprehensive and authoritative Standard of Good Practice for information security (SOGP), regarded by many international Blue Chip organisations as the most practical source of information security and information risk-related guidance in the world. It is based on the results of worldwide research projects, analysis of other leading standards (e.g. ISO 27002 and the NIST Cybersecurity Framework) and the latest thinking from leading players in the information risk arena.

The SOGP addresses information security from a business perspective and provides an ideal basis for assessing and improving an organisation's information security arrangements. However, there can still be challenges when it comes to adopting the Standard in practice – and making sure that it is implemented effectively in all parts of your organisation in a consistent, sustainable manner.

The founder of Jerakano is one of the principal authors of the SOGP and our technical specialist has developed a range of SOGP tools, so our company is well placed to ensure you implement it effectively, at the same time helping you to make the most of ISF tools and services.

Our services are carefully tailored to the specific needs of your organisation, but a typical approach would include:

  • Gaining a high-level understanding of the nature of your business and the approach taken by your organisation for managing information risk enterprise-wide
  • Building a profile of the environment to be reviewed, be it the entire organisation, a particular business unit or a critical business application, taking account of the business environment, IT infrastructure, applications, information and people involved
  • Identifying your organisation's current security requirements for that environment, typically based on criticality assessments, risk analysis, compliance obligations and an information classification scheme
  • Performing a high-level review of your organisation's information security arrangements, including a gap analysis against the SOGP, identifying strengths and weaknesses
  • Helping you develop a method of monitoring key management information for each of the 160 topics in the ISF Standard, such as: determining applicability and importance to your business; assigning responsibility and accountability; identifying breadth and depth of coverage; assessing level of implementation; tracking progress status; and considering the degree of automation
  • Running a tailored SOGP certified analyst training course for your security team – and beyond
  • Producing a systematic, structured report, summarising key findings and recommending pragmatic actions for addressing them (including the use of automated solutions).