Does anyone know of any well recognised industry standard for certification of IT security standards, for a small company of say 5 employees, without money to spend. ISO I believe is out of the question cos to takes oceans of time. I am looking for something more appropriate to scale. We have a few servers on our network and desktops.
Certified Information Systems Security Professional (CISSP) certification
It is the internationally recognised certification pursued for instance by staff of large American financial institutions, at least the one I used to work for.