The BSI has just published the new document of the 7799 family, BS7799-3. It is a guide to the implementation of a Risk Management process, one of the main parts of the ISMS proposed by BS77799-2/ISO27001. I haven't read this document yet, but it's good to know that material to support the development of the main infosec processes needed by an organization is being produced. There are several other standards being developed by the SC27 of ISO, which is in charge for the 27000 family. I believe that in a few years we will have a very good set of security standards.