ISO 27001 is increasingly popular because of compliance regulation and the growing need to reduce the operational risk of information security.
What ISO 27001 is missing though, is the business context – the ability for an SME to determine the cheapest and most effective security countermeasures and their order of implementation.  Since ISO 27001 certification requires compliance with the entire control set, it may be too daunting for an SME to consider.
Any business can perform an ISO 27001-based risk assessment on their operation  with their business assets and their typical business  threats  in just a few minutes using the Software Associates PTA library for ISO 27001.  You can download the free Practical Threat Analysis library for ISO 27001 and our free risk assessment software – and upgrade your security today using ISO 27001, the most important vendor-neutral standard for data security available.