Security and compliance are joined at the hip. While at one time in the distant past we secured our networks because it was the "right" thing to do, in the modern world we have to deal with "grudge spend" on security, and oftentimes that spend is forced by the need to meet compliance requirements.
While it's almost a law of physics that compliance has little relationship with real security, it can be a powerful motivation and starting point for those who are interested in honestly securing their assets against today's cyber risks. Often what started out as a compliance checkbox exercise turns into a real security effort, which ends up saving companies many thousands or millions of dollars.
Where to start? How about with 13 security principles that will help you meet ISO 27001 requirements? Microsoft has published a paper that will give you just that! Check out 13 Effective Security Controls for ISO 27001 for more information.