WHAT IS ISO 27001

Information is one of an organization's most important assets in ensuring business continuity. In the event that many assets are lost, the lost information has no monetary equivalent. For this reason, under today's changing and developing conditions, the importance of information and the need to protect it are increasing. Information can be used and stored in many formats: in writing, on electronic media, verbally, in employees' memory, and others. Due to technological advances, many of these forms of use may or may not change over time. Because of this change and development, the security of information needs to be constantly questioned and controlled. Information security is the protection of the confidentiality, integrity, and availability of information.

The ISO 27001 Information Security Management System is a management system that covers people, processes and information systems in providing corporate information security, and it is supported by senior management. It is designed to protect information assets and to provide adequate and proportionate security controls that give confidence to interested parties. The ISO 27001 Information Security Management System includes corporate structure, policies, planning activities, responsibilities, practices, procedures, processes and resources.

The ISO 27001 and ISO 27002 Information Security Management System standards are based on the BS 7799 standard. BS 7799 was published by BSI (British Standards Institution) in 1995 and consists of two parts. The first part, BS 7799-1, included best practices for information security management. In 2000, this standard was adopted by ISO and published as ISO 17799 Information Technology - Application Principles for Information Security Management. In 2007, ISO 17799 was incorporated into the ISO 27000 series as ISO 27002. The second part was released by BSI in 1999 under the name BS 7799-2 Information Security Management System Requirements. This standard focused on how to establish an ISMS. In 2005, it was published by ISO under the name ISO 27001 Information Security Management System Requirements. The most recent revisions of the ISO 27001 and ISO 27002 standards were published on 25.09.2013.

ISO/IEC 27001:2013 defines requirements for the establishment, implementation, operation and continuous improvement of an information security management system within the organization's scope. It also includes requirements for the assessment and treatment of information security risks according to the needs of the organization. The requirements given in ISO/IEC 27001:2013 are general and intended to be applicable to all organizations, regardless of their type, size and nature. ISO 27001 requires organizations to prepare risk management and risk treatment plans, duties and responsibilities, business continuity plans and emergency incident management procedures, and to keep records of them in practice. The organization should issue an information security policy that covers all these activities and raise the awareness of its personnel about information security and threats. Information security management can only be achieved with the active support of management and the participation of personnel, as a living process in which the selected control objectives are measured and the compliance and performance of the controls are continuously monitored.

Certification

The firm, which provides auditing, supervision and certification services to internationally recognized standards, also provides periodic inspection, testing and control services.

Contact Us

Address:

Mahmutbey Mh, Dilmenler Cd, No 2 
Bagcilar - Istanbul, TURKEY

Telephone :

+90 212 702 00 00

Whatsapp:

+90 532 281 01 42
