The subject of information security is given top priority to too late - usually after something major has gone wrong . The search for what caused the damage in the first place then reveals that several aspects have been considered - firewall, virus protection, backup - but that others have been completely ignored. When you start looking at the many measures that are required, it soon becomes obvious that efficiency and cost effectiveness are the greatest challenges facing a functioning information security management system (ISMS).
A tried and tested standard like the BSI's basic IT protection ensures that those concerned with security first have to define what topics are most pressing in their own company before they start implementing measures. In its document 100-1, the BSI translated and modified the international standard ISO 27001. It can be downloaded free from the BSI website.
Because of the many different measures required, implementing basic IT protection can seem very complicated and difficult to get off the ground. SerNet offers an open source tool as well as consulting and audit services to help you.