ISO 27001

Information Security Management System

ISO/IEC 27001 specifies the requirements for establishing, implementing, operating, documenting and continually improving an information security management system (ISMS). In doing so it introduces a company or organization to the basic principles of information security.

What is information?

Information is the meaning carried by the data that an institution or organization uses to carry out its activities. It is one of the critical assets on which the continuity and existence of the institution depend, and its security must therefore be ensured.

Information exists in many forms, for example:

  • Printed on paper
  • Stored electronically
  • Transmitted electronically (e-mail, file transfer, network traffic)
  • Shown in corporate videos and presentations
  • Conveyed verbally in meetings and conversations

What is Information Security?

Information Security, in turn, is the set of measures taken to protect vital information: to keep it confidential, to preserve its integrity, and to ensure that it remains available to those who are authorized to use it.

The basic principles of information security are summarized by the abbreviation C-I-A:

  • Confidentiality: ensuring that information is accessible only to authorized persons
  • Integrity: safeguarding the accuracy and completeness of information and of the methods used to process it
  • Availability: ensuring that authorized personnel can access information and the related assets when required

What is Information Security Management System?

An Information Security Management System is the part of an organization's overall management system through which personnel and resources are used to take information security measures systematically, to carry out information security work more effectively and according to defined rules, and to ensure its continuity. The internationally recognized standard for an ISMS is ISO/IEC 27001.

ISO 27001 IMPLEMENTATION STAGES

  • Inventory and classification of information assets, and determination of system criticality
  • Valuation of assets according to the confidentiality, integrity and availability criteria
  • Definition of the risk assessment methodology (a documented, repeatable method)
  • Preparation of the risk analysis report
  • Rating of the identified risks
  • Definition of the format in which risks are presented to senior management
  • Preparation of the risk treatment plan based on senior management's evaluation of the risk analysis report
  • Selection of the controls to be applied under the risk treatment plan, recorded in the Statement of Applicability
  • Creation of the ISMS documentation
  • Implementation and configuration of the controls
  • Internal audit
  • Record keeping
  • Management review
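As an added worked example, not part of the original page, the asset-valuation, risk-rating and treatment steps above are expressed below as a small Python risk register. The 1-to-3 scales, the value × likelihood × impact formula, the risk-appetite threshold of 8 and the sample assets, threats and controls are all assumptions chosen for illustration; ISO 27001 requires a documented and repeatable risk method but does not prescribe a particular one.

```python
"""Minimal ISO 27001-style risk register (added example, not the page's own method).

Assumed method: each asset is valued 1..3 on confidentiality, integrity and
availability; asset value is the highest of the three. Each risk is scored as
asset value x likelihood (1..3) x impact (1..3), so scores range 1..27.
Controls reduce likelihood and/or impact, giving a residual score.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

RISK_APPETITE = 8  # assumed threshold: scores above this must be treated


@dataclass
class Asset:
    name: str
    confidentiality: int  # 1 (low) .. 3 (high)
    integrity: int
    availability: int

    def value(self) -> int:
        # The most sensitive C-I-A dimension drives the asset value.
        return max(self.confidentiality, self.integrity, self.availability)


@dataclass
class Risk:
    asset: Asset
    threat: str
    likelihood: int  # 1..3
    impact: int      # 1..3
    # (control name, likelihood reduction, impact reduction) - assumed effect sizes
    controls: List[Tuple[str, int, int]] = field(default_factory=list)

    def inherent(self) -> int:
        """Score before any control is applied."""
        return self.asset.value() * self.likelihood * self.impact

    def residual(self) -> int:
        """Score after the planned controls; likelihood and impact never drop below 1."""
        lik, imp = self.likelihood, self.impact
        for _name, d_lik, d_imp in self.controls:
            lik -= d_lik
            imp -= d_imp
        return self.asset.value() * max(lik, 1) * max(imp, 1)


def rating(score: int) -> str:
    """Assumed rating bands used when presenting risks to management."""
    if score >= 18:
        return "high"
    if score > RISK_APPETITE:
        return "medium"
    return "low"


def treatment_for(risk: Risk) -> str:
    """Treatment decision: accept if already within appetite, mitigate if the
    planned controls bring it within appetite, otherwise escalate to management
    for a transfer/avoid decision."""
    if risk.inherent() <= RISK_APPETITE:
        return "accept"
    if risk.residual() <= RISK_APPETITE:
        return "mitigate"
    return "escalate"


def build_register(risks: List[Risk]) -> List[Dict[str, object]]:
    """Risk register rows, highest inherent risk first (stable for ties)."""
    rows = []
    for r in sorted(risks, key=lambda x: x.inherent(), reverse=True):
        rows.append({
            "asset": r.asset.name,
            "threat": r.threat,
            "inherent": r.inherent(),
            "rating": rating(r.inherent()),
            "controls": [c[0] for c in r.controls],
            "residual": r.residual(),
            "treatment": treatment_for(r),
        })
    return rows


# Constructed sample assets and risks (illustrative values, not real data).
CUSTOMER_DB = Asset("customer database", confidentiality=3, integrity=3, availability=2)
WEBSITE = Asset("public website", confidentiality=1, integrity=2, availability=3)
BROCHURES = Asset("printed brochures", confidentiality=1, integrity=1, availability=1)

SAMPLE_RISKS = [
    Risk(CUSTOMER_DB, "credential theft leading to unauthorised access", 2, 3,
         [("multi-factor authentication", 1, 0), ("encryption at rest", 0, 1)]),
    Risk(WEBSITE, "volumetric DDoS", 3, 2, [("upstream DDoS scrubbing", 1, 0)]),
    Risk(BROCHURES, "loss of printed copies", 2, 1),
]


if __name__ == "__main__":
    for row in build_register(SAMPLE_RISKS):
        print(f"{row['asset']:<20} {row['inherent']:>2} {row['rating']:<6} "
              f"-> residual {row['residual']:>2} : {row['treatment']}")
```

The "escalate" outcome for the website risk is the case worth noticing: the planned control lowers the score but not below the appetite, so the treatment plan cannot simply record "mitigate"; management has to decide on further controls, transfer (e.g. insurance or a managed provider) or accepting the residual risk explicitly, and that decision is what the risk treatment plan and the management review need to document.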
Ctrlqulity Certs