What is ISO 27001 and 27002?

Information Security Management System and its Family

What is information security?

Let’s say you have a gadget that reads the temperature and humidity in your basement. Every morning at 10 AM and every night at 10 PM, you note down the temperature and relative humidity in a notebook. The collection of these numbers and observations is called data. You are collecting data in the form of measurements, through observation and by reading the numbers from the gadget. When you process this data into some meaningful form, it becomes information. This information is now organized, structured, and very useful for making decisions. In our example of reading temperature and humidity, the readings show a pattern: when the temperature increases, the relative humidity decreases. This information could be sensitive if we change the location from a garage to a nuclear facility. Depending on the classification, there could be a requirement to protect that information. The act of protecting this information from unauthorized disclosure, modification, or destruction, whether accidental or intentional, is called information security.

Information security covers several aspects of protecting information, which are presented in the form of a model called the CIA Triad: C is Confidentiality, I is Integrity, and A is Availability.

ISMS Family

Aakif Shaikh, CISSP, CEH, CHFI, CISA, GWAPT

Over 18 years of experience in a wide variety of technical domains within information security including information assurance, compliance, and risk management.