The
recently revised ISO/IEC 27000:2016, Information technology – Security
techniques – Information security management systems – Overview and vocabulary,
gives a comprehensive view of information security management systems covered
by the ISMS family of standards, and defines related terms and definitions.
All
information held and processed by an organization is subject to the risks of
attack, error and natural disaster, and other vulnerabilities inherent to its
use. Information security is therefore at the heart of an organization’s
activities and focuses on information that is considered a valuable “asset”
requiring appropriate protection, for example against the loss of availability,
confidentiality and integrity.
“Every
common language requires a common set of terminology, and this is provided by
ISO/IEC 27000,” says Prof.
Edward Humphreys,
Convenor of working group ISO/IEC JTC 1/SC 27/WG 1 that developed the standard.
Posted by Dr. Tim Sandle
