"Best practice" and "gold standard"


Rob Slade, greatgrandpa and widower

Jun 6, 2026, 1:18:27 PM
to hyperg...@googlegroups.com
A tautological pair of definitions I included in mine:

best practice

(1) the gold standard for security buzzphrases. In fact, there was an extended discussion on the use of the phrase "best practice" on the CISSPforum in July of 2005. The implication of best practice is that it is an optimum procedure for most situations, although it may also imply a practice that works in every situation, or a minimum standard. It was, however, noted that "best practice" is never a guarantee or panacea. Other phrases discussed were standard practice (what most people do), essential practice (what should be done as an absolute minimum), and leading practice (what the "best" companies do).

(2) in an attempt to keep this phrase off the scrap heap, GH has proposed that it is "to align security controls with risks that are relevant to the context of the organization."


gold standard

the best practice in describing your standard, if you want people to buy into it

--
Psalm 142:4, Ezekiel 24:16,18; Matthew 13:12; Isaiah 57:1; Genesis 2:18; 2 Corinthians 2:7,8; John 13:35; Proverbs 25:20; James 2:15,16; Proverbs 24:11-12, Jeremiah 45:3, Deuteronomy 28: 65-67, Isaiah 38:15, Psalm 69:20, Revelation 9:6, Numbers 11:15
Uuk klah ma, Rob.  U huk witas hluucsma, Gloria  Wikaah chachimhiy.

Online Scams and Frauds (OSF) series postings: 
======================


Gary Hinson

Jun 6, 2026, 2:21:50 PM
to hyperg...@googlegroups.com
Hi Rob.

"Best practice" is defined on page 70.  I'll be adding in a quoted definition from the DRI glossary:

[image attachment: image.png]

DRI and ISACA agree that best practice is a 'proven activity', although that's not strictly 'proof' in the mathematical or philosophical sense (page 577) as in proof-of-work for blockchain.

"Good practice" is defined on page 321, quoting ISACA.  Less contentious, I feel.  

"Best Current Practice" (page 69) is interesting. BCP is the IETF's term for evolving practices, too dynamic to be tied down as [static] standards just yet.  AI would be a topical example - something I waffled on about yesterday in the ISO27001security.com blog.   ISO has a similar concept in their "Technical Report" standards e.g. ISO/IEC TR 27024 so (if I could be bothered - which I can't) I could make a case that ISO/IEC 27090 on AI security should really be a TR not a full International Standard.

So that leaves "Gold standard".  Your definition is amusingly cynical, Rob, but I think the formal version is something to do with standardising the value of currency so that people trust in the value of notes and coins 'backed by gold' (unlike cryptocurrency, which is 'backed by obscure mathematics, optimism and greed').  Or something.  I'm not sure.  It has some relation to cyber/info security I guess and might be a nice way to link several entries, so I'll mull it over.  Thanks for the suggestion.

Kind regards/Ngā mihi,

____________________________________________



--
You received this message because you are subscribed to the Google Groups "Cybersecurity hyperglossary" group.
To unsubscribe from this group and stop receiving emails from it, send an email to hyperglossar...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/hyperglossary/CAOX%2BAR6A1TnGwSrvGvzNphBURE4098%2BFioX94myAM4PEFE%3Ditg%40mail.gmail.com.

Gary Hinson

Jun 6, 2026, 3:37:41 PM
to hyperg...@googlegroups.com

[image attachment: image.png]

I'm feeling slightly better now about obsessing over this stuff. 

Kind regards/Ngā mihi,

____________________________________________


Gary Hinson

Jun 6, 2026, 5:10:34 PM
to hyperg...@googlegroups.com
OK, here goes: 1st draft ... brace yourselves ...

[image attachment: image.png]
Definition a) feels too wordy, too detailed, and begs questions such as what is a 'fiat monetary system', and how was the transition agreed/organised ... but that is heading off-piste.  For now, I've mentioned and hyperlinked to 4 other defined terms, gently guiding bewildered readers back on track.

My next job is to find suitable terms/definitions from which to link to this entry. 

In parallel, a small part of my brain is toying with the idea of defining 'bad practice' as well.  Given so many possibilities in the cyber/infosec context, it's challenging to pick outstanding examples!  

Kind regards/Ngā mihi,

____________________________________________

