ISO 27001
Information Security Management (ISMS)
Information security aims to protect the information and, more generally, the resources of an information system from possible damage that may reduce their value.
In addition, it aims to provide reliable information, which is available to authorized users when they need it.
A more practical view treats information security as a structured system of processes consisting of three distinct steps, namely prevention, detection and response:
- Prevention is the subset of processes in which protection measures are taken to avoid the consequences of undesirable actions.
- Detection is the subset of processes that locate such actions and search for the facts and persons that caused them, as well as their consequences.
- Response is the subset of processes that restore damaged resources and deal with ongoing attacks.
Resource protection and data protection are not defined vaguely, but on the basis of the three (3) fundamental properties of Information Security, which are:
- Confidentiality: refers to the protection of information from unauthorized disclosure (reading).
- Integrity: concerns the protection of information from unauthorized change (modification or deletion).
- Availability: refers to safeguarding authorized access (either for disclosure or for change) to the information, without obstacles or delay.