Hyper-connected world bring with a wide range of benefits a wider range of threats. EU’s General Data Protection Regulation is just the beginning of a new approach to regulation in information security and protection. Protecting information whether it be commercially sensitive or the personal details of their clients, employees or suppliers has never been more under the spotlight than today. Why what and how organizations should be able to manage their information security risks effectively in compliance with applicable regulations shall be the main questions in the implementation of the correct management system. Each company purposely or even not collects and processes sensitive information and it is the right time to implement and maintain an information security management system.