Therefore, instead I'll recommend that you buy a copy of ISO/IEC 27002:2005 -- the Code of Practice for Information Security -- and use this as a checklist to determine what is missing and what you need to do.
This document of information security guidelines and general principles has been invaluable to me in helping clients determine their existing security posture and prioritise their planning. The Code of Practice is available to purchase from BSI.