Very good infosec article from David Lacey. BS7799/ISO27001 is widely recognised, but considered too bulky for small business. PCI-DSS is based on ISO27001, is 'lighter' but still companies have trouble.
http://www.computerweekly.com/blogs/david_lacey/2011/12/small_businesses_need_better_s.html
