This document explains the need for information security for all organizations and also the standards to be followed for doing the same. It also gives vendor selection criteria for selecting a consultancy firm for information security. It gives guidelines as to how to stop ethical hacking of your web application, be it any critical data from getting hacked, scripts being run, without the knowledge of the owner.