In selecting a suitable information security standard, we
defined two requirements: 1) the chosen standard must aim to
be comprehensive and cover a wide scope of information
security, and 2) the chosen standard should be, even if only
to a very limited degree, representative of actual security
practice.