查看文章

Businesses, government and public institutions have long been facing a great challenge. The use of modern information technology in business requires the introduction of integrated measures for the protection of information. Recommendations and the use of the international standard ISO/IEC 27001 enabled the successful planning and implementation of systems for information security management. Great importance at this standard is given the concept of information resources/assets. Information is also an information resource and every information resource have its value. If there is a disturbance value of information resources deals with the attacks and security threats to these resources. Security threat represents any event that results in a distortion of the basic requirements of security: confidentiality, integrity and availability of information. Therefore, implement physical, technical and administrative safeguards. If it happens some of the attacks on information resources it hinders the business and reputation of businesses. Modern methodology of information protection includes a risk assessment. It is therefore necessary before establishing a system of security to determine the optimal level of safety in terms of cost-effectiveness in terms of costs and speed implementation of the necessary security measures. Too large range of security systems and over-planned level of security that can impede the establishment of system security and higher costs compared to a profit of implemented security measures. In this study we explored the dynamics taking place use and application of standards to date. The distribution and implementation of standards …