Clause 3: Terms and Definitions

Clause 3 of ISO 27001 lists the terms and definitions used in the standard. These terms and definitions ensure that the concepts and requirements are understood clearly and consistently throughout the document.

Elements of ISO 27001 Clause 3 Terms and Definitions

  • Integrity guarantees that information remains complete, accurate, and protected from unauthorized or accidental modification.
  • Confidentiality ensures that information is accessible only to authorized entities, processes, or individuals.
  • An asset is anything of value to an organization, including data and information systems.
  • Information security involves maintaining the confidentiality and integrity of data.
  • An Information Security Management System (ISMS) is a structured approach to protecting sensitive company data and ensuring its security.
  • Availability refers to the ability of authorized entities to access and use information whenever it is needed.
  • Risk assessment involves identifying threats to the integrity, confidentiality, or availability of data and assessing their possible impact.
  • Risk is the probability of a threat exploiting a vulnerability, together with the potential consequences for an asset.
  • The statement of applicability is a document outlining the security controls an organization has implemented to address the risks identified during the risk assessment procedures.
  • Risk treatment is the process of choosing and applying measures to manage or reduce risk.

The terms and definitions in ISO 27001 establish a shared understanding of key concepts and requirements, helping organizations implement an ISMS that effectively manages risks to their information assets.