ISO/IEC 27001:2013
An Information Security Management System (ISMS) is a systematic approach to managing sensitive company information so that it remains secure. It encompasses people, processes and IT systems. It originated with the British Standards Institution (BSI): BS 7799 Part 2, the specification for an ISMS, was adopted internationally as ISO/IEC 27001 (first edition 2005, revised as ISO/IEC 27001:2013), while the accompanying code of practice, BS 7799 Part 1, became ISO/IEC 17799 and later ISO/IEC 27002.

Information security is intended to preserve the confidentiality, integrity and availability of information. It describes efforts to protect computer and non-computer equipment, facilities, data and information from misuse by unauthorized parties. In practice this means protecting information and information systems from:
- Theft
- Unauthorized access
- Unauthorized use
- Disclosure
- Modification
- Destruction
ISO/IEC 27001 lists its security controls in Annex A. The 2005 edition defined 133 controls under the following 11 main security categories (the 2013 edition restructured Annex A into 114 controls in 14 categories, among other things splitting communications and operations management into separate operations security and communications security categories and adding cryptography and supplier relationships as categories of their own):
- Security policy
- Organization of information security
- Asset management
- Human resources security
- Physical and environmental security
- Communications and operations management
- Access control
- Information systems acquisition, development and maintenance
- Information security incident management
- Business continuity management
- Compliance