Page 237 - CISSO_Prep_ Guide
• Best practices/management checklist
• BS 7799-2 / ISO 27001
• Compliance document
• Attainable certification
Organizational Roles and Responsibilities
• Executive Management: ultimately responsible for security.
• Information Systems Security Professionals: design, implementation, management, and review of policies, standards, procedures, and guidelines.
• Data / Information Owners: identify assets and assign labels.
• Process Owners (e.g., programmers, designers): they do not own the data, but they do own the engine it is running on.
• Custodians: maintenance responsibilities (e.g., network administrators/operations).
• Users.
• IS/IT functions: set up networks and desktops.
• IS Auditor: responsible for testing the effectiveness of security. In testing, they should go through the same process to gain access as a normal user. Auditors make sure your policies and procedures are followed. They also note shortcomings in