For years, the business community has been searching for a practical information security standard - one that can provide an organisation with best practices and yet be cost-effectively, reasonably achievable. Although organisations like NIST, ANSI, ISO, and others have been producing computer security standards and best practices for decades, most were technical and many academic, and therefore impractical in terms of meeting business needs. There was not one standard or set of best practices that emerged as a universal or generally accepted international security standard.

The trend in information security has recently changed from technical security controls to a concern for overall risk management, which shifts information security from a strictly IT focus to a business practice issue. Out of this change, one set of standards has come forward that allows business to establish an acceptable level of risk tolerance, and successfully manage and mitigate risk in an interconnected eBusiness environment. The 7799 standards - the ISO/IEC 17799:2000 Code of Practice and the BS 7799:2002 Information Security Management System have gained worldwide acceptance in recent years, and are, in fact, almost universally recognised as quality information security management. Organisations have adopted these standards to improve their information security posture, to retain a competitive advantage in the marketplace, to provide due diligence assurance to business partners and customers, and in some cases, to support regulatory compliance initiatives. Acceptance and adoption of these standards is recognised, and for certain industries required by state and federal governments in Europe, the Asia-Pacific region, Canada, and South America. Although strictly a voluntary compliance issue in the US, many business and industries are taking an interest. As the adoption rate continues to increase, these standards are set to become globally dominant.

The full report can be obtained from Cybertrust - http://www.cybertrust.com