Information is the currency of the information age and in many cases is the
most valuable asset possessed by an organisation. Information security
management is the discipline that focuses on protecting and securing these
assets against the threats of natural disasters, fraud and other criminal
activity, user error and system failure. This Management Guide provides an
overview of the two international information security standards, ISO/IEC 27001
and ISO 27002. These standards provide a basis for implementing information
security controls to meet an organisations own business requirements as well as
a set of controls for business relationships with other parties. This Guide
provides: An introduction and overview to both the standards The background to
the current version of the standards Links to other standards, such as ISO
9001, BS25999 and ISO 20000 Links to frameworks such as CobiT and ITIL
