Information Security based on ISO 27001/ISO 27002: A Management Guide - Best Practice

Information is the currency of the information age and in many cases is the most valuable asset possessed by an organization. Information security management is the discipline that focuses on protecting and securing these assets against the threats of natural disasters, fraud and other criminal activity, user error and system failure. This Management Guide provides an overview of the two international information security standards, ISO/IEC 27001 and ISO 27002. These standards provide a basis for implementing information security controls to meet an organisation s own business requirements as well as a set of controls for business relationships with other parties.