GAISP has been formed to address the underlying fact that the practice of information security (IS) is now at a crossroads. GAISP will collect IS policies that have been proven or are otherwise accepted in practice, and it documents these policies in a single repository. GAISP draws upon established IS standards and guidance to create objective but comprehensive guidance for the state, users, organizations and information technology professionals. Using the current standards and documents allows a high level of acceptance of GAISP and ensures that several advantages are attained. These are the best professional and commercial procedures that are accepted as being adequate or correct (ISSA, 2004).

Self-regulation may take the shape of codes of practice or conduct developed and adopted by individual organizations, professional or industry associations, or public sector agencies. Some of the best procedures include IS approaches in which the administration approves and supports the procedures, and in which baselines, standards and approaches are maintained and developed to tackle the features of IS (Peltier, 2016).

IS controls should be balanced against the risks of modification, disclosure, and denial of use of information. GAISP will reference the current work and establish a sound foundation on it through its broad acceptance, which has been articulated in different ways. GAISP will be identified at three levels. The pervasive principles target governance and define the conceptual objectives of information security (Siponen & Willison, 2009).


  • Computer security should be cost-effective

  • Computer security sustains the organization's mission

  • System owners have responsibilities towards security outside their organization

  • Computer security is an integral facet of viable management

  • Computer security needs an integrated and comprehensive approach

  • Computer security is limited by societal factors

  • The safety of equipment should be reassessed periodically


ISSA. (2004). ISSA generally accepted information security policies. GAISP.

Siponen, M., & Willison, R. (2009). Information security management standards: Problems and solutions. Information & Management, 46(5), 267-270.

Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: Guidelines for effective information security management. CRC Press.

Thomson, K. L., & Von Solms, R. (2005). Information security obedience: a definition. Computers & Security, 24(1), 69-75.