Information Security

Information security is the methodology that is used to protect information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. It pertains to the confidentiality, integrity, and availability of data in various forms (i.e., print, electronic, or other forms) and can be applied by any type of organization (e.g., corporations, financial institutions, hospitals, military, and governments).

ISO/IEC 27001:2005 is an Information Security Management System (ISMS) standard published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in October 2005. It is commonly referred to as "ISO 27001," but its full name is ISO/IEC 27001:2005 - Information technology -- Security techniques -- Information security management systems -- Requirements.

ISO/IEC 27001 formally specifies a management system that is intended to bring information security under explicit management control. Since it is a formal specification, it mandates specific requirements. Organizations that have adopted ISO/IEC 27001 can be formally audited and certified should they choose to do so.

Do you need help to establish and maintain your organization's information security process? Quality Systems Innovations, Inc. offers a full range of products, training, and software that were developed specifically to help you master your information security process. The products listed on this page will help you to understand what you need to do and to put it in place.

ITIL Survival - Security Management Kit
Training
Software