Price displayed is for a print copy only.
Purchase PDF copy.

Information is the lifeblood of all businesses. Information, which ranges from customer details to confidential data to corporate intellectual assets, to budget projections to employee bank account details - and this permeates all parts of the organisation, regardless of size, sector, or purpose. Equally there are risks to our business information that must be first recognised, then mitigated completely or at the very least reduced to acceptable levels.

Like any other asset, information must be protected. It may be stolen or sabotaged. It may be unavailable at the very time it is needed. Furthermore, we have legal obligations to provide adequate protection to some types of information. If these business and commercial drivers were not enough, if others use our resources for their misdemeanours, we may be liable if we did not try to at least pre-empt their actions.

This Best Practice Guide sets out to offer a comprehensive and comprehensible guide to the murky world of standards for information security management. In particular, it identifies exactly where you and your organisation will have need of expertise in this field. By helping you to identify your current level of knowledge the Guide will show you where your gaps are in understanding and application and how to select the sources of support necessary to fill these gaps.

The book is a 'best practice guide' in the most useful manner possible in that it combines an up-to-date description of the various standards and methods with a sound, critical research approach to the material. I would encourage all academics and practitioners concerned with analysis and design of information systems to read the material presented here and to take seriously the issues raised by the authors in order to improve the overall level of 'professionalism' throughout the industry.
Bob Wood, Professor of Information Systems, The University of Manchester

This Guide forms part of the NCC 'Best Practice' Guides series and is intended to be of practical use for decision makers in IT. This guidance is achieved through industry consensus, managed by NCC, across the broadest range of professionals and experts.