Lately, more and more importance has been given to the dangers closely related to information security in the organization. Information security has thus become a problem for all types of organizations, regardless of their form of ownership, size or industry. To deal with information security problems, such as loss of information, in the best possible way, organizations require an assurance mechanism for managing information that covers availability, integrity and the definition of confidentiality levels for information. That system is called an "Information Security Management System (ISMS)". To better define ways of solving security problems, ISO-IEC/BSI developed international standards known as ISO 17799 / ISO 27001. Achieving certification based on these standards provides an instrument of competitiveness, one that emphasizes to interested parties the obligation to preserve information in accordance with the law, under both professional and state regulations. The standard is specifically intended for organizations that have internal and/or external information systems, that hold confidential data, or whose business processes depend on the information system, as well as other organizations that wish to adapt to today's information security needs. A large part of these organizations are: banks, IT companies, financial and insurance companies, hospitals, schools, universities, manufacturers of automotive parts, call centers, tax authorities, consulting companies and many other organizations.