Information is the currency of the information age and in many cases is the
most valuable asset possessed by an organisation. Information security
management is the discipline that focuses on protecting and securing these
assets against the threats of natural disasters, fraud and other criminal
activity, user error and system failure. Effective information security can be
defined as the preservation of confidentiality, integrity and availability of
information. This book describes the approach taken by many organisations to
realise these objectives. It discusses how information security cannot be
achieved through technological means alone, but should include factors such as
the organisations approach to risk and pragmatic day-to-day business
operations. This Management Guide provides an overview of the implementation of
an Information Security Management System that conforms to the requirements of
ISO/IEC 27001:2005 and which uses controls derived from ISO/IEC 17799:2005. It
covers the following: Certification Risk Documentation and Project Management
issues Process approach and the
