The Standard of Good Practice for Information Security (the Standard) is the foremost authority on information security. It addresses information security from a business perspective, providing a practical basis for assessing an organisation’s information security arrangements.

• https://www.isfsecuritystandard.com/
• https://www.securityforum.org/

The six 'aspects' of information security

• SM: Security Management (enterprise-wide)
• UE: End User Environment
• SD: Systems Development
• CB: Critical Business Applications
• NW: Networks
• CI: Computer Installations