Chapter 1. Introduction to the International Information Security Standards ISO27001 and ISO27002
What is information security?
It is a truism to say that information is the currency of the information age. Information is, in many cases, the most valuable asset possessed by an organisation, even if that information has not been subject to a formal and comprehensive valuation.
IT governance is the discipline that deals with the structures, standards and processes that boards and management teams apply to effectively manage, protect and exploit their organisations’ information assets.
Information security management is that subset of IT governance that focuses on protecting and securing an organisation’s information assets. The international standard ...