Chapter 19. Is ISO 27001 for You?

Executive summary

Unless you’re a relatively small organization or, as an organization, you do not use information or information technology, ISO 27001 is an appropriate standard for you to deploy to safeguard your IT infrastructure investments, protect your competitive position and ensure you comply with current and future national and international laws and regulations.

Do you have information that you rely on or which needs to be kept confidential?

If you do, you need to have a structured approach to protecting it against multiple external and internal threats; such an approach requires a mix of technology and procedure, as well as informed and well-trained computer users. The standard contains best practice guidelines ...
