Presents a perspective of the ISO/IEC 17799 Information Security Standard and provides an analysis of how to effectively measure an information security program using this standard. This book includes a qualitative-based risk assessment methodology.