Undoubtedly, much of the information of a company is found in computer systems, however, the ISO 27001 standard defines the information as “an asset that, like other important business assets, that has value for the organization and consequently requires adequate protection”.
Information takes many forms. It can be:
- written on paper
- printed
- stored electronically
- transmitted electronically
- shown on video
- Or spoken in conversation
It should be adequately protected in whatever form it takes or the means by which it is shared or stored.
Based on this, ISO 27001 proposes a security management framework for all company information, even if it is information that belongs to people’s own knowledge and experience, or is dealt within meetings…etc. In this sense, people themselves can be treated in the ISMS as information assets if it is deemed appropriate.
Information security risks pose a significant threat to businesses due to the possibility of financial loss or damage, loss of essential network services, or the reputation and trust of customers.
Risk management is one of the key elements in preventing online fraud, identity theft, damage to websites, loss of personal data, and many other information security incidents. Without a strong risk management framework, organizations are exposed to many types of cyber threats.
The new international standard ISO / IEC 27001 – information security, will help organizations of all kinds to improve the management of their information security risks.
Today, information security is constantly in the news with identity theft, breaches in business financial records and threats of cyber terrorism. An information security management system (ISMS) is a systematic approach to managing confidential company information so that it remains secure. It encompasses IT people, processes and systems.
The design and implementation of an ISMS (ISO / IEC 27001: 2005) will give customers and suppliers confidence that information security is taken seriously within the organization, being at the forefront in the application of the process technique to deal with information threats and security issues.