Information thechnology is no more an enabler. It has become a part and information parcel of bunsiness processes. Consecquently the asset composition of orgnizations has, with the concomitant vulnerabilities and risk, undergone significant changes. In the new scenario, stakeholder are apprehenshive about the scurity of informations systems. Assurance framework , and have issued guidelines for periodic informations system security assesment.