Information Security is defined as the protection of information, as an asset, from unauthorized access, use, alteration, disclosure, modification, destruction, and disruption. It consists of three basic elements:
- Confidentiality: Protecting information from being accessed by unauthorized parties.
- Integrity: Preventing data from being modified in an unauthorized or undetected manner.
- Accessibility: Data, software, and hardware are available to authorized users upon demand.
If any of these three primary security objectives is damaged, a security vulnerability occurs.
Information security is a set of practices that protect information from wide-ranging threats in order to ensure the continuity of the institution's work, reduce the problems that may occur in that work, and increase the benefit gained from investments.
Today, commercial companies and government agencies rely heavily on information to maintain their businesses. As time passes, the importance of information increases, but the evolving needs of safe storage are not being met. It has also become an inevitable need to send information from one place to another. This dependence on information has raised the need to protect it. Attacks on information, its destruction or deletion, or damage to its integrity or confidentiality cause the information infrastructure to deteriorate and therefore disrupt business.
To examine the field of information security in more detail, it is divided into 7 general categories:
- Network Security
- Endpoint Security
- Data Security
- Application Security
- Identity and Access Management
- Security Management
- Virtualization and Cloud
Information Security Management System
An Information Security Management System (ISMS) is a set of policies and procedures for systematically managing an organization’s sensitive data. The goal of an ISMS is to minimize risk and ensure business continuity by proactively limiting the impact of a security breach. An organization that fulfills these requirements has taken an essential step towards ensuring the security of the information assets that are among its assets.
The Information Security Management System (ISMS) standard covers all types of organizations. This standard covers the requirements for establishing, implementing, monitoring, reviewing, maintaining, and improving a documented ISMS in the context of all business risks of the organization. It specifies the requirements for performing security checks customized to the needs of independent organizations or parties. ISMS is designed to provide adequate and proportionate security controls that protect information assets.
ISO/IEC 27001 is suitable for all organizations, big and small, regardless of sector or country. This standard is particularly necessary for areas where the protection of information is of paramount importance, such as the finance, healthcare, public, and IT sectors.
It is also essential for organizations that manage information on behalf of others, such as IT subcontractors. It can be used to reassure customers that their information is protected.