Description of system
Information Technology. Security techniques. Information security management systems. Requirements.
The ISO/IEC 27001 standard presents a model of an information security management system and defines requirements for the establishment, implementation, operation, monitoring, review, maintenance and improvement of the system.
Information, as a precious resource of every company, has measurable value and is continuously exposed to many threats. Ensuring the security of the information it owns should therefore be a priority in managing the organization.
Information security management is connected not only with the protection of information systems. It is also used to ensure the security of personal data, business information and other information constituting company secrets.
Protection against loss of information is also a legal obligation of all entities conducting business activity, and failure to observe it is punishable by serious criminal sanctions. With EU accession many legal acts appeared; among them, the Act on personal data protection is of particular importance. Information systems and procedures of conduct should be adjusted to the requirements of the act. All necessary measures should be taken to protect the information processed.
Implementation of an information security management system increases the awareness of employees, helps to manage risk and to establish objectives and rules of information security.