 HIPAAdvisory > HIPAAnews Phoenix Health Systems

Information Security Assoc. Issues First Stages of Generally Accepted Security Principles

OAK CREEK, WI -- May 17, 2004 -- The Information Systems Security Association (ISSA), a not-for-profit association specifically for security professionals, today unveiled the first two levels of the Generally Accepted Information Security Principles (GAISP) in its initiative to deliver the industry's most comprehensive professional guidance. The published Pervasive and Broad Functional Principles offer executive and management professionals a framework for an information security program that fully addresses industry standards, regulations and business objectives.

The published principles are now available to the public at http://www.issa.org/gaisp/. This site also contains the GAISP Strawman & Mapping Matrix, which illustrates the extensive scope of the Principles compared to industry standards such as ISO 17799, the ISACA Control Objectives for Information Technology, the (ISC)² Common Body of Knowledge, the NIST Generally Accepted Principles and Practices for Securing Information Technology Systems, and the ISF Standards of Good Practice for Information Security.

"Information security as an industry is maturing very quickly, but businesses lag behind in understanding it is an enterprise issue instead of a purely technical issue. There has been an urgent need for a common reference that links enterprise security principles to standards and best practices to help guide the development of information security programs," said Jody Westby, Chair of the American Bar Association's Privacy & Computer Crime Committee. "I support the ISSA's initiative to create generally accepted principles that blend the technical, legal, managerial, and operational aspects of information programs. My Committee is pleased to consult with the ISSA on the development of the GAISP."

The ABA Privacy & Computer Crime Committee has formed a GAISP Working Group to review the framework and Principles as they are drafted and provide input. The GAISP development plan also includes review periods with other professional organizations as well as a release for public comment to elicit input from a broad range of perspectives.

"These Principles deliver a foundation for professionals to make effective, responsible decisions to protect information," said Mike Rasmussen, Chair of the GAISP Executive Committee and VP of Standards and Public Policy for the ISSA. "We are combining the strong points of leading standards and regulations, and filling in the gaps to create a unified body of guidance, from strategy to implementation. Participation from global security experts, developers, and other organizations helps ensure that the Principles are a functional resource for businesses and government entities."

The Detailed Principles currently in development round out the GAISP with technical guidance to meet the objectives of the first two levels of Principles, as well as industry standards, best practices and government regulations.