Information’ is no doubt one of the most critical and strategic asset for any enterprise operating in this global arena. This information ranges from typical office documents to the information stored in highly sophisticated information systems. Most enterprises today relay on complex Information and Communication Technologies and Devices to transmit this information. Information must only be shared with the intended stakeholders (i.e. Confidentiality), must always be correct and up to date (i.e. Integrity) and available 24/7 (i.e. Availability). •Overview to ISO 27001 (Information Security Management System- ISMS) oSecurity Policy oOrganization of information security oAsset management oHuman resource security oPhysical and environmental security oCommunications and operations management oAccess control oInformation systems acquisition , development and maintenance oInformation security incident management oBusiness continuity management oInformation security compliance •Implementing ISO 27001 oScope and Initiation oAs-Is Analysis oGap Analysis oCharter of change oTo-Be Process Development oRisk assessment & asset valuation oInternal / external audits oTransition •Group Case study