Common terminology for information security management

Posted on June 21, 2016

All information held and processed by an organization is subject to the risks of attack, error and natural disaster, and other vulnerabilities inherent to its use. Information security is therefore at the heart of an organization’s activities and focuses on information that is considered a valuable “asset” requiring appropriate protection, for example against the loss of availability, confidentiality and integrity.

The family of standards on information security management systems (ISMS) lets organizations develop and implement a robust framework for managing the security of their information assets, including financial data, intellectual property, employee details, and information otherwise entrusted to them by customers or third parties.

The recently revised ISO/IEC 27000:2016, Information technology – Security techniques – Information security management systems – Overview and vocabulary, gives a comprehensive view of the information security management systems covered by the ISMS family of standards, and defines the related terms and definitions. “Every common language requires a common set of terminology, and this is provided by ISO/IEC 27000,” says Prof. Edward Humphreys, Convenor of working group ISO/IEC JTC 1/SC 27/WG 1, which developed the standard.

Protecting its information assets through defining, achieving, maintaining and improving security levels is essential for an organization to meet its objectives and strengthen its legal compliance and image. The coordinated activities needed to direct the implementation of suitable controls and mitigate unacceptable information security risks are part of what is known as information security management.

ISO/IEC 27000 gives a high-level overview of the ISMS family of standards (the ISO/IEC 27001 family), how they support the implementation of the requirements contained in ISO/IEC 27001, Information technology – Security techniques – Information security management systems – Requirements, and how they relate to each other. ISO/IEC 27000 also provides a brief introduction to the information security field and to information security management systems, describing how an ISMS is implemented, operated, maintained and improved.

The standard lays down the key factors of a successful implementation and the numerous benefits of using the ISMS family of standards. It provides an understanding of how the ISO/IEC 27001 family fits together through its multi-faceted approach, clarifying the standards’ scopes, roles, functions and relationship to each other. In addition, ISO/IEC 27000 gathers in one place all the essential terminology used in the ISO/IEC 27001 family.

Contact Ezentria today to discuss how ISO/IEC 27001 can help your organization Be Secure.

Source: Common terminology for information security management just revised (2016-02-18) – ISO