The international standard ISO/IEC 27001:2005 Information Technology – Security Techniques – Information Security Management Systems – Requirements has now replaced the British standard BS 7799-2:2002. Information security has always been an international issue, not a purely British one, and this evolution in the standard now enables organizations throughout the world to ensure that they are applying information security best practice in their organizations.

Information security is also a management issue, a governance responsibility. The design and implementation of an Information Security Management System (‘ISMS’) is a management role, not a technological one. It requires the full range of managerial skills and attributes, from ...