Information security is the practice of preserving the integrity, confidentiality and availability of systems, internetworks and data, together with other properties such as authenticity, accountability, non-repudiation and reliability, in whatever form the information takes, whether electronic or printed documents. According to ISO 27002, Introduction, page viii, "whatever form the information takes, or means by which it is shared or stored, it should always be appropriately protected".
Obviously, information security means many different things to different entities. In a world full of information it is always good to have international standards documents, where they exist, to refer to in order to get the most out of them before wandering anywhere else.
The international standards in information security, the ISO 27000 family (these are downloadable, but you need to pay for them first), are the following:
ISO 27001 - the specifications or requirements for information security management systems, now an international standard
ISO 27002 - the code of practice in information security management, now an international standard
ISO 27003 - the implementation guidance in information security management systems, a working draft
ISO 27004 - the measurements in information security management
ISO 27005 - guidelines for information security risk management
ISO 27006 - requirements and guidance for bodies providing audit and certification of an information security management system
The ISO 27000 family, or the ISMS itself, has other standards that augment its application and that correspond, relate or map (either directly or indirectly) to other international standards, such as:
ISO/IEC 13335 - Management of ICT Security Parts 1 and 2 (deals with policy and planning, risk assessment methods and selection of controls). Part 1 has been published and Part 2 is still under development.
ISO/IEC 18048 - Incident handling management standard
ITU-T X.1051 - ISMS Telecoms (this is ISO/IEC 27001 plus a set of telecoms requirements that add to the controls in ISO/IEC 27002 (ISO/IEC 17799))
Business Continuity and Disaster Recovery Services - (new project based on the Singapore standard SS 507)
OECD Principles - Guidelines for the security of information systems and networks: Towards a culture of security
ISO 9001:2000 - Quality management systems
ISO 14001:2004 - Environmental management systems
ISO 19011:2002 - Guidelines for quality and/or environmental management systems auditing
ISO/IEC 18028 - Network security
ISO/IEC 15408 - Evaluation criteria for IT security products
ISO/IEC 11770 - Information for key management
ISO/IEC 9796 - Method for key production for the three signature schemes
ISO/IEC 14888 - Mechanisms that provide digital signature
ISO/IEC 15489-1 - Information on managing organizational records
Make sure to check them out. They have been mentioned because each has its own purpose and they are surely beneficial alongside one another, though it is suggested that the focus should remain on the ISMS.