Therefore, instead I'll recommend that you buy a copy of ISO/IEC 27002:2005 -- the Code of Practice for Information Security -- and use this as a checklist to determine what is missing and what you need to do.
This document of information security guidelines and general principles has been invaluable to me to help clients determine their existing security posture and prioritise their planning. The Code of Practice is available to purchase from BSI.
Related Q&A from Peter Wood, network security
When sensitive documents are frequently travelling back and forth between a company and its business partners, email security becomes very important....continue reading
There are a few different ways to approach mobile encryption. In this expert response, Peter Wood discusses the pros and cons of different mobile ...continue reading
In this expert response, Peter Wood outlines some alternatives to NAC systems, and explains why, sometimes, NAC systems really are the best choice.continue reading