Chapter 1. Introduction to the International Information Security Standards ISO27001 and ISO27002

What is information security?

It is a truism to say that information is the currency of the information age. Information is, in many cases, the most valuable asset possessed by an organisation, even if that information has not been subject to a formal and comprehensive valuation.

IT governance is the discipline that deals with the structures, standards and processes that boards and management teams apply to effectively manage, protect and exploit their organisations’ information assets.

Information security management is that subset of IT governance that focuses on protecting and securing an organisation’s information assets. The international standard ...

Get Application Security in the ISO27001 Environment now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.