ISO 27001 Key Terms

Here are some key terms that will help you in the process of becoming ISO/IEC 27001 certified:

Asset – something that has value to the organization. An asset extends beyond physical goods or hardware, and includes software, information, people, and reputation.

Attack – an attempt to compromise an asset by various means, including destroying, exposing, altering, or gaining unauthorized access to an asset.

Authentication – a method of assuring that an entity has the characteristic the entity claims to possess.

Business Continuity – procedures and processes for ensuring business operation under all conditions.

Control – policies, procedures, and guidelines for managing risk.

Corrective Action – an action that eliminates the cause of a nonconformity.

Information Asset – data or other knowledge that has value to an organization.

Information Security Event – an occurrence in a service, system, or network that indicates a possible breach of information security. This includes breaks in policy, failure of controls, or other previously unknown situations.

Information Security Incident – an information security event that may compromise business operations or threaten business security.

Information Security Management System (ISMS) – a part of the overall management system focused on implementing and maintaining information security.

Non-repudiation – the ability to prove that an event occurred.

Statement of Applicability – a written statement describing the controls and their objectives that are relevant to an organization’s ISMS.

Threat – the potential cause of an incident that may result in a breach of information security or compromise business operations.

Vulnerability – a weakness of a control or asset.