Ensuring the cybersecurity of information systems has become one of the main objectives of any organisation. Cybersecurity and the current technological risks and threats, such as viruses (malware), intrusion attacks and persistent threats (APT), computer fraud, ransomware, inadequate protection or any uncontrolled risk can result in significant losses and have a direct effect on service quality.
The design and implementation of an Information Security Management System based on ISO Standard 27001 gives confidence to clients and providers by preserving the confidentiality, integrity and availability of information. It is the most effective means for minimising information security risks. ISO 27001 ensures that IT business processes and/or services, assets and their risks are identified and evaluated, depending on their impact to the organisation, and that controls and procedures are adopted that are effective and consistent, in keeping with the business strategy.