Information is the biggest asset of an organization; or, put another way, lost information means a lost company. Therefore, like any asset, information needs protecting. An organization needs the best approach to protect its valuable information, and that is what ISO/IEC 27001 brings – a systematic approach to identifying and managing security risks to ensure that information is kept secure.
Information security is commonly defined using the C-I-A triad: confidentiality (information is available only to authorized users); integrity (information is accurate and complete); and availability (authorized users have access to information when they need it). Non-repudiation (the concept that ensures a subject cannot deny having performed an action or event) is another key concept that, in most frameworks, complements the C-I-A triad and is considered equally important as confidentiality, integrity and availability.
At the international level there are different frameworks for information security, developed by different organizations such as ISACA, NIST or, of course, ISO. According to the International Standards Organization (ISO), the “ISO 27000 family of standards helps organizations keep information assets secure”. Such information may include intellectual property, contracts and financial data, information generated from research and development, customer or employee private data, or information provided by third parties.