Perception of Information Security of Management of Banking and Insurance Companies in Countries of Western Balkans: Theoretical Frame of Research

The literature reports the results of various studies on the influence of information systems and security procedures on business overall, and on the organisational aspects of business in particular. In the context of implementing information security procedures, the perception of management needs to be researched because all aspects of information systems and their security are constantly and rapidly improving. The framework of this research is based on issues of standardisation of information security. Particular emphasis has been put on the ISO 27000 group of standards.
Information security and control have become crucial nowadays. Organisations may have very valuable information assets to protect. Protection of information resources is achieved mainly through the implementation of controls (defence mechanisms) that prevent accidental or intentional danger from occurring and detect problems as soon as possible. An important point of protection is to prevent incidents. Defence serves no purpose after an incident has occurred.

One of the most important issues regarding information processing is information security itself. Information security must not be taken for granted. It requires constant work and improvement in any organisation that deals with information assets. Some research has shown that 75 percent of companies with information security policies do not keep them up to date and that only 9 percent of employees understand these security policies. Many organisations lack disaster recovery and business continuity plans, or fail to patch their software routinely against security vulnerabilities. Managers do not appreciate the value of a sound security strategy. Security is a subject most business executives try to avoid, since they feel that discussing their business security procedures and policies might increase the risk of an attack. Security threats grow every day, but they are neither predictable nor finite. This makes it more difficult to calculate returns on security investments. Unless managers change their attitude about security, security budgets will be inadequate. As standardisation of information security has to be considered within information security as a whole, it can be expected that business executives would try to avoid it.