ISMS:
Information Security Management System
Standard:
A standard is a document that sets out rules controlling how people develop and manage materials, products, services, technologies, tasks, processes, and systems.
Information Security:
Information security is the practice of protecting and preserving information: its confidentiality, integrity, authenticity, availability, and reliability.
Information Security Management System (ISMS):
An Information Security Management System (ISMS) includes all of the policies, procedures, plans, processes, practices, roles, responsibilities, resources, and structures that are used to protect and preserve information. It includes all of the elements that an organization uses to manage and control its information security risks. An ISMS is part of a larger management system.
Procedure:
Procedures control processes or activities. A procedure defines the work that should be done and explains why and how it should be done, who should do it, and under what circumstances.
Process:
In general, a process uses resources to transform inputs into outputs. In every case, inputs are turned into outputs because some kind of work or activity is carried out. ISO IEC 27001 recommends that you structure your ISMS processes using the Plan-Do-Check-Act (PDCA) model. This means that every process should be planned (Plan); implemented, operated and maintained (Do); monitored, audited, and reviewed (Check); and improved (Act).
Process Approach:
The process approach is a management strategy. When managers use a process approach, it means that they control their processes, the interaction between these processes, and the inputs and outputs that “glue” these processes together.