Security is a bit like drains: important, but not very exciting, meaning no-one really wants to take responsibility for it. It is, however, vital that it is done correctly because if it goes wrong, as with drains, you will end up with a very unpleasant situation that everyone will know about.

Knowing what to do about security at management level is no longer a complete mystery. Since the publication of the ISO guidelines on information security (ISO17799) a good, standard reference has existed that can be used as a starting point. The problem with a universally accepted set of guidelines for those people trying to ignore the issue is that they quickly get used as a definition by others who need to make sure your business is not a high risk. Insurers, regulators and even clients will increasingly start to expect this as a minimum standard. Some may even require your firm to be certified as meeting the much more detailed British Standard (BS7799).