HOW TO TAKE MEASURES FOR INFORMATION SECURITY?
28 Apr 2020
What is Information?
In terms of information systems, all kinds of assets that have a significance value for the Institutions are called “information”. All meaningful assets bearing a written, visual, digital or physical form can be evaluated within this framework. Organizations use, produce, collect, store, archive and reuse information while performing their functions.
What is Information Security?
Information is of varying importance to institutions. According to this value, some of them are open to the public, some of them can be shared within the institution, some of them are highly confidential and only open to limited access. Information security deals with 3 characteristics of these assets.
Confidentiality: Information is only accessible to those who are authorized, and it remains confidential to others.
Unity: It is the case that the content has not been altered in any way during the related processes such as the storage and transmission of the information.
Accessibility: It can be defined as accessing and using information when it is needed.
The continuation of the existence of institutions may directly depend on the information assets it has. For this reason, it should be protected from threats such as unauthorized access, sharing, and conscious or unconscious disclosure. Therefore, 3 features mentioned above are tried to be protected.
What is ISO 27001 Information Security Management System?
The ease of information sharing increasing day by day has increased the studies on rapidly developing technology information security. At the same time, Industrial revolutions that started with automation and information systems revealed the need for some standards in this field. One of the most recognized organizations in the field of standards ISO (International Organization for Standardization). Its foundation dates back to the 1940s. It is an international, independent non-governmental organization with 164 national standards organizations. Through its members, the volunteer brings together experts to develop consensus-based, market-related International Standards, supporting innovation and providing solutions to global challenges. Due to technological needs, ISO standards are reviewed every five years and necessary changes are made.
The standard prepared by this organization in the field of Information Security is called ISO 27001 Information Security Management. The roots of the standard are based on the work of organizations called DTI and CCSC in the UK.
What are the Methods of Providing Information Security?
Institutions are expected to use standards prepared by the relevant authorities in various nations in order to meet their Information Security needs and to ensure continuity with periodic certification studies.
For ISO 27001, the methods to be followed to ensure Information Security are included in the standard and a management system is designed for this purpose. A framework has been established for the establishment and implementation of the Information Management System.
