INFORMATION SECURITY: PRINCIPLES

ISO 27001 Information Security Management Standard

What are Information Security Principles?

Information systems and sensitive data should only be accessed by authorized users who abide by security policies. A key part of preventing and mitigating security threats is defining effective information security principles and ensuring compliance with them.

Information security is built on three fundamental principles (tenets): confidentiality, integrity, and availability. It is essential that every aspect of an information security program (and every security control that an entity puts in place) addresses one or more of these principles. Together, these three principles are known as the CIA Triad.

Figure: Information Security Principles, the CIA Triad (confidentiality, integrity, availability)

ISO 27001 Information Security Management Standard consists of 10 principles:

  1. Analysing the protection of information and then applying controls
  2. Information security awareness
  3. Assigning information security responsibility
  4. A commitment to management's interests and those of stakeholders
  5. Promoting social values
  6. Assessment of risks to determine appropriate controls to achieve acceptable levels of risk
  7. Integrating security into information networks and systems
  8. Active prevention and detection of information security incidents
  9. Managing information security in a comprehensive way
  10. An ongoing review of information security and modification as necessary

Use SHEQ software

To design and implement a Quality Management System, SRM and many of our clients use Mango Compliance Software (www.mangolive.com). Mango makes it easier to obtain and maintain ISO 9001:2015 certification.

SRM is ISO 9001:2015, ISO 14001:2015 and ISO 45001:2018 certified. Contact our consultants today. Let us know if we can help you with the development and implementation of your Quality Management System.