ABSTRACT

The British Standard Institute (BSI) defines an information security management system (ISMS) as a systematic approach to managing sensitive company information so that it remains secure. It encompasses people, processes, and IT systems. Two international standards, originally developed within the BSI, provide guidance and requirements for achieving an ISMS: ISO/IEC 27001 and ISO/IEC 27002. ISO/IEC 27002 is the new name for ISO/IEC 17799.