LOGBOOK

HELP

Quiz Entry - updated: 2026.06.04

What is the ISF Standard of Good Practice for Information Security?

A business-focused guide for identifying and managing information security risks, distilled from the experience of 260+ large global organizations.

Published by the Information Security Forum (ISF) — a member-funded, independent association of (mostly large) organizations.

Key characteristics:

  • Business-focused: written from the perspective of managing business risk, not technical checklists
  • Based on the collective practice of over 260 large, internationally active member organizations — peer experience rather than government mandate
  • Incorporates other standards: aligned with COBIT, PCI DSS, ISO 27001/27002, SOX, etc., so it can serve as an umbrella
  • Can serve as the foundation for building an ISMS — an alternative or complement to ISO 27001

Tip: Position it mentally: ISO 27001 = certifiable requirements; NIST CSF = free public framework; ISF SoGP = members' best-practice playbook. Companies often use SoGP internally for depth while certifying against ISO 27001 for the market signal.

From Quiz: ISM / Frameworks — NIST CSF & IKT Minimalstandard | Updated: Jun 04, 2026