A small research centre would like to implement an information security management system based on ISO/IEC 27001 and ISO/IEC 27002.  The research centre has three information systems – HR system, Finance System and Projects Server.  As the Security Manager, you will prepare a report on how security should be implemented in the research centre.