Some info can be found here : http://www.aon.com/risk_management/information_security/security_tip_thirteen.jsp
I’m not very fond of it to be honest…
Bye, Fast