Section 2.19 of ISO/IEC 27000:2009 [ISO27000] defines information security as "preservation of confidentiality, integrity and availability
of information". It also notes that other properties, such as authenticity, accountability, non-repudiation, and reliability, are relevant.
Following up the definitions of those terms, we find:
Confidentiality is the property that information is not made available or disclosed to unauthorized individuals, entities, or processes.
Integrity is the property of protecting the accuracy and completeness of assets, where asset is given the very broad definition "anything that has value to the organization" - a synonym for 'data' in the context of this site.
Availability is the property of "being accessible and usable upon demand by an authorized entity".
Control is "a means of managing risk, including policies, procedures, guidelines, practices or organizational structures, which can be administrative, technical, management, or legal in
Controls have been grouped into categories here. Feel free to add more or to move things around:
- 06 Oct 2011