LOGBOOK

HELP

Quiz Entry - updated: 2026.06.04

How is the ISF Standard of Good Practice maintained, and into which six categories ("aspects") is it organized?

It is updated annually, supports benchmarking against peer organizations, and is structured into six aspects spanning management, applications, installations, networks, development, and end users.

The six aspects:

  1. Security Management (enterprise-wide) — governance, policy, organization
  2. Critical Business Applications — securing the applications the business depends on
  3. Computer Installations — data centers and server infrastructure
  4. Networks — network infrastructure and communications
  5. Systems Development — building security into new systems
  6. End User Environment — workstations, devices, and the people using them

Two operational strengths:

  • Annual updates — faster cycle than ISO standards (which revise roughly every 5–10 years), so current threats appear sooner
  • A benchmarking program: members measure their security performance against the standard and against each other — answering management's favorite question, "how do we compare to our peers?"

Tip: The six aspects follow the asset chain: who manages security → what runs the business → where it runs → what connects it → how it's built → who uses it.

From Quiz: ISM / Frameworks — NIST CSF & IKT Minimalstandard | Updated: Jun 04, 2026