GLBA News

SCIPP International Aligns Generally Accepted Practices (SCIPP GAP) to Industry Standards

(May 23, 2008)-- SCIPP International, a global non-profit organization dedicated to providing world-class security awareness training and certification services, today announced it has realigned its Generally Accepted Practices (SCIPP GAP) to cover relevant end-user security awareness topics found in the International Organization for Standardizations (ISO) Standard 27001.

ISO/IEC 27001 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization’s overall business risks.

The SCIPP GAP was revised to cover end-user security awareness topics found in ISO 27001 to complement existing content derived from the US Department of Homeland Security’s IT Security Essential Body of Knowledge (DHS EBK); (ISC)2’s Certified Information Systems Security Professional (CISSP) CBK®, a compendium of information security topics; and ISACA’s Certified Information Security Manager (CISM) common body of knowledge.

The SCIPP GAP establishes internationally recognized best business practices by continuously updating a compendium of security awareness topics. These topics form the framework of security awareness terms and principles and serve as the basis for development of SCIPP’s security awareness training programs for individuals and certification programs for organizations.

The SCIPP GAP’s 10 practice areas are comprised of the following: incident reporting, access controls, malicious code, Internet communications, asset management, human resource security, physical and environmental security, social engineering, business continuity management, and compliance.

“With oversight from our respected international body of advisors, the SCIPP GAP has been mapped to cover the security awareness topics found in the most respected standards and common bodies of knowledge in the security world,” said Winn Schwartau, SCIPP International founder. “It is a major milestone in our mission to gather the best security awareness practices in a single repository.”

While the SCIPP GAP serves as the foundation for all SCIPP security awareness courses, customers have the option of tailoring a course to meet their specific needs using the SCIPP “Cube,” a product customization model with six sides. Each side of the SCIPP Cube represents a different customizable variable. The six sides or variables of the SCIPP Cube are:

* Vertical market (e.g., financial services, healthcare, government, retail, education, etc.) which can be tailored to meet specific compliance needs (e.g., GLB, HIPAA, FISMA, etc.)
* Course length (desired number of minutes or hours)
* Target audience (e.g., end-users, management, consumers, etc.)
* Language (e.g., English, Spanish, etc.)
* Delivery method (e.g., SCIPP hosted, customer hosted, Webinar, instructor-led, etc.)
* Attendees (i.e., approximate number of program participants)

Share or bookmarklet this web page at: