Information is a vital asset for the success and continuity of any organisation in its market. Assuring that information, and the systems that process it, is therefore a primary objective for the organisation.
For information security to be managed properly, the organisation needs a system that assesses the risks to which this asset is exposed and that addresses the task in a methodical, documented manner, based on clear security objectives.
“With an ISMS, the organisation knows the risks to which its information is subject and assumes, minimises, transfers or controls them using a defined, documented system known to all, which is constantly reviewed and improved.”
An organisation can implement an Information Security Management System (ISMS) based on the UNE-ISO/IEC 27001:2017 standard.
According to ISO 27001, the security of information within an organisation consists of preserving its confidentiality, integrity and availability, and those of the systems involved in processing it. These three properties are the foundation on which the whole edifice of information security rests:
- Confidentiality: The ability to prevent the disclosure of information to unauthorised persons or systems.
- Integrity: The property of keeping data free from unauthorised modification.
- Availability: The characteristic, quality or condition that makes information accessible to those who need to access it (people, processes or applications).