The Standard of Good Practice for Information Security / Information Security Forum, 2007
http://www.isfstandard.com/SOGP07/index.htm
"The Standard of Good Practice for Information Security (the Standard) is the foremost authority on information security. It addresses information security from a business perspective, providing a practical basis for assessing an organisation’s information security arrangements. The Standard represents part of the ISF's information risk management suite of products and is based on a wealth of material, in-depth research, and the extensive knowledge and practical experience of ISF Members worldwide. The Standard is updated at least every two years."