An Information Security Management System (ISMS) is a management system based on a systematic business risk approach, to establish, implement, operate, monitor, review, maintain, and improve information security. It is an organizational approach to information security. ISO/IEC 27001 is a standard for information security that focuses on an organization’s ISMS.
The value of information goes beyond the written words, numbers and images: knowledge, concepts, ideas and brands are examples of intangible forms of information. In an interconnected world, information and related processes, systems, networks and personnel involved in their operation, handling and protection are assets that, like other important business assets, are valuable to an organization’s business and consequently deserve or require protection against various hazards.
Information can exist in many forms. It can be printed or written on paper, stored electronically, transmitted by post or using electronic means, shown on films, or spoken in conversation. Whatever forms the information takes, or means by which it is shared or stored, it should always be appropriately protected.
In addition, other properties, such as authenticity, accountability, non-repudiation, and reliability can also be involved.
Information security is achieved by implementing a suitable set of controls, which could be policies, practices, procedures, organizational structures and software functions. These controls need to be established to ensure that the specific security objectives of the organization are met.
Twitter
Studied or Worked here? Share Your Review
Please do not post:
Thank you once again for doing your part to keep Edarabia the most trusted education source.