Overview
Français
ABSTRACT
Information security comes within the scope of standardization (ISO and AFNOR (French national body mirroring ISO)). The following standards are concerned: ISO / IEC 27001 Requirements for certification, ISO / CIS 27002 Codes of practice, and ISO / CIS 27005 Risk management. Information security is organized in an Information Security Management System (ISMS). The methodological approach requires an inventory of assets and a risk analysis with regard to three factors: availability, integrity, and confidentiality. According to the impact (gravity) and the probability of occurrence (frequency) the risks are classified as either acceptable or residual. Security incidents must be managed. Risk treatment plans help to improve the ISMS.
Read this article from a comprehensive knowledge base, updated and supplemented with articles reviewed by scientific committees.
Read the articleAUTHOR
-
Claude PINET: Graduate engineer, Conservatoire National des Arts et Métiers (CNAM) - European Engineer EUR ING® - IRCA (International Register of Certificated Auditors) certified audit manager n° 1182803 - Founding Director CPI CONSEIL, France
INTRODUCTION
Information is a vital asset for any organization. It represents a vital resource for carrying out activities. As such, information requires appropriate protection and management.
The aim of information security is to protect information against the many threats that can lead to the degradation or interruption of an organization's business continuity. Measures must be defined, implemented, monitored, reviewed and improved in order to achieve a number of dedicated security objectives.
Specific processes must be defined and deployed to achieve this. However, these must be organized harmoniously with other processes as part of the organization's overall management system.
In order to specify information security requirements, an international standard has been drawn up. Naturally, it is applicable to the various systems that process information.
The content of this article has been updated following the latest version of the international standard NF EN ISO/CEI 27001 published in December 2013.
The Ultimate Scientific and Technical Reference
KEYWORDS
security of informations systems | ISMS | information security | information security management system | information system | standardization | certification | ISO/CEI 27001:2013
This article is included in
Software technologies and System architectures
This offer includes:
Knowledge Base
Updated and enriched with articles validated by our scientific committees
Services
A set of exclusive tools to complement the resources
Practical Path
Operational and didactic, to guarantee the acquisition of transversal skills
Doc & Quiz
Interactive articles with quizzes, for constructive reading
Standards, information security
General information and basic concepts
Bibliography
Works
Software tools
Audit diagnostic evaluation system (ADES). This tool manages several reference grids. It enables audit/evaluation findings to be entered into a database, and improvement actions to be recorded. It then reports on the audit/assessment findings recorded in the database. Comparisons between two audits/assessments enable improvements to be assessed. A slideshow presenting the functionalities is available for download at the...
Websites
French Standards Association (AFNOR) http://www.afnor.fr
International Organization for Standardization (ISO) http://www.iso.ch
International Electrotechnical Commission (IEC) http://www.iec.ch
...Standards and norms
International standards on quality management and quality assurance
- Quality management systems – Basic principles and vocabulary - ISO 9000 - 2005
- Quality management systems – Requirements (new version expected in 2015) - ISO 9001 - 2008
- Quality management systems – Performance improvement guidelines - ISO 9004 - 2009
- Environmental management systems – Specifications and...
The Ultimate Scientific and Technical Reference
