Overview
ABSTRACT
Information security comes within the scope of standardization (ISO and AFNOR (French national body mirroring ISO)). The following standards are concerned: ISO / IEC 27001 Requirements for certification, ISO / CIS 27002 Codes of practice, and ISO / CIS 27005 Risk management. Information security is organized in an Information Security Management System (ISMS). The methodological approach requires an inventory of assets and a risk analysis with regard to three factors: availability, integrity, and confidentiality. According to the impact (gravity) and the probability of occurrence (frequency) the risks are classified as either acceptable or residual. Security incidents must be managed. Risk treatment plans help to improve the ISMS.
Read this article from a comprehensive knowledge base, updated and supplemented with articles reviewed by scientific committees.
Read the articleAUTHOR
-
Claude PINET: Graduate engineer, Conservatoire National des Arts et Métiers (CNAM) - European Engineer EUR ING® - IRCA (International Register of Certificated Auditors) certified audit manager n° 1182803 - Founding Director CPI CONSEIL, France
INTRODUCTION
Information is a vital asset for any organization. It represents a vital resource for carrying out activities. As such, information requires appropriate protection and management.
The aim of information security is to protect information against the many threats that can lead to the deterioration or interruption of an organization's business continuity. Measures must be defined, implemented, monitored, reviewed and improved in order to achieve a number of dedicated security objectives.
Specific processes must be defined and deployed to achieve this. However, these must be organized harmoniously with other processes as part of the organization's overall management system.
In order to specify the security requirements for information, an international standard has been drawn up. Naturally, it is applicable to the various systems that process information.
The content of this article has been updated following the latest version of the international standard NF EN ISO/IEC 27001 published in January 2023. This third edition replaces the 2013 version, and incorporates the two technical corrigenda ISO/IEC 27001 : 2013/Cor 1 : 2014 and ISO/IEC 27001 : 2013/Cor 2 : 2015. The text of Annex A has been aligned with the security measures of the latest version of ISO/IEC 27002 : 2022.
Two new terms have been introduced:
cybersecurity: the practice of protecting systems, networks and programs against digital attacks; cyberattacks are generally aimed at accessing, modifying or destroying sensitive information, or disrupting a company's normal processes;
-
protection of privacy: the right to privacy is guaranteed by the Constitutional Council; it implies :
respect for privacy, medical confidentiality, image rights, etc,
limits to spying and investigative practices (such as telephone tapping).
Exclusive to subscribers. 97% yet to be discovered!
You do not have access to this resource.
Click here to request your free trial access!
Already subscribed? Log in!
The Ultimate Scientific and Technical Reference
KEYWORDS
security of informations systems | ISMS | information system | information security | | cybersecurity | standardisation | ISO/IEC 27001 | privacy protection
This article is included in
Software technologies and System architectures
This offer includes:
Knowledge Base
Updated and enriched with articles validated by our scientific committees
Services
A set of exclusive tools to complement the resources
Practical Path
Operational and didactic, to guarantee the acquisition of transversal skills
Doc & Quiz
Interactive articles with quizzes, for constructive reading
Information security, cybersecurity and data privacy protection
Bibliography
Websites
French Standards Association (AFNOR) http://www.afnor.fr
International Organization for Standardization (ISO) http://www.iso.ch
International Electrotechnical Commission (IEC) http://www.iec.ch
...Standards and norms
International standards on quality management and quality assurance
- Quality management systems – Basic principles and vocabulary (classification index X50-130) - NF ISO 9000 - 2015
- Quality management systems – Requirements (classification index X50-131) - NF ISO 9001 - 2015
- Managing an organization's sustainable performance – Quality management approach (classification index X50-122)...
Exclusive to subscribers. 97% yet to be discovered!
You do not have access to this resource.
Click here to request your free trial access!
Already subscribed? Log in!
The Ultimate Scientific and Technical Reference