Information Today is business critical and it should be suitably protected. Information leaks can cost the businesses dearly and such risks should be managed with risk assessment methodology and continuous improvement plan. ISO27001 provides guidelines for information security with a risk-oriented approach that ensures ongoing risk assessments through periodic audits.