International standard - Information security
Archive REF: H5070 V2

International standard - Information security

Author : Claude PINET

Publication date: February 10, 2015 | Lire en français

Logo Techniques de l'Ingenieur You do not have access to this resource.
Request your free trial access! Free trial

Already subscribed?

Overview

ABSTRACT

Information security comes within the scope of standardization (ISO and AFNOR (French national body mirroring ISO)). The following standards are concerned: ISO / IEC 27001 Requirements for certification, ISO / CIS 27002 Codes of practice, and ISO / CIS 27005 Risk management. Information security is organized in an Information Security Management System (ISMS). The methodological approach requires an inventory of assets and a risk analysis with regard to three factors: availability, integrity, and confidentiality. According to the impact (gravity) and the probability of occurrence (frequency) the risks are classified as either acceptable or residual. Security incidents must be managed. Risk treatment plans help to improve the ISMS.

Read this article from a comprehensive knowledge base, updated and supplemented with articles reviewed by scientific committees.

Read the article

AUTHOR

  • Claude PINET: Graduate engineer, Conservatoire National des Arts et Métiers (CNAM) - European Engineer EUR ING® - IRCA (International Register of Certificated Auditors) certified audit manager n° 1182803 - Founding Director CPI CONSEIL, France

 INTRODUCTION

Information is a vital asset for any organization. It represents a vital resource for carrying out activities. As such, information requires appropriate protection and management.

The aim of information security is to protect information against the many threats that can lead to the degradation or interruption of an organization's business continuity. Measures must be defined, implemented, monitored, reviewed and improved in order to achieve a number of dedicated security objectives.

Specific processes must be defined and deployed to achieve this. However, these must be organized harmoniously with other processes as part of the organization's overall management system.

In order to specify information security requirements, an international standard has been drawn up. Naturally, it is applicable to the various systems that process information.

The content of this article has been updated following the latest version of the international standard NF EN ISO/CEI 27001 published in December 2013.

You do not have access to this resource.
Logo Techniques de l'Ingenieur

Exclusive to subscribers. 97% yet to be discovered!

You do not have access to this resource. Click here to request your free trial access!

Already subscribed?

KEYWORDS

security of informations systems   |   ISMS   |   information security   |   information security management system   |   information system   |   standardization   |   certification   |   ISO/CEI 27001:2013

EDITIONS

Other editions of this article are available:

Jul, 2024 current edition by Claude PINET
Ongoing reading
Standards, information security

Article included in this offer

"Software technologies and System architectures"

( 227 articles )

Complete knowledge base

Updated and enriched with articles validated by our scientific committees

Services

A set of exclusive tools to complement the resources

View offer details
Contact our team FAQ