KKI - Information Security Management System (ISMS)


Document:
The term document refers to information and the medium used to bring it into existence. A document can take any form or use any type of medium, hard copy or soft (electronic).

Record:
A record is a document that contains objective evidence which shows how well activities are being performed or what kind of results are actually being achieved. It always documents what has happened in the past. Records can take any form or use any type of medium.

Asset:
An asset is any tangible or intangible thing that has value to an organization. In the context of this standard, assets include things like information, systems, facilities, networks and computers.

Owner:
In the context of ISO/IEC 27001, an owner is a person or entity that has been given formal responsibility for the security of an asset or asset category. It does not mean that the asset belongs to the owner in any legal sense. Asset owners are formally responsible for making sure that assets are secure while they are being developed, produced, maintained, and used.

Risk:
The possibility of something bad happening at some time in the future, or a situation that could be dangerous or have a bad result. Another definition is to put something valuable or important in a dangerous situation, in which it could be lost or damaged. The concept of risk in an ISMS combines three ideas: it selects 1) an event, and then combines its 2) probability with its 3) potential impact.

Risk Analysis:
Risk analysis uses information to identify possible sources of risk. It uses information to identify threats or events that could have a harmful impact. It then estimates the risk by asking: what is the probability that this event will actually occur in the future? And what impact would it have if it actually occurred?

Risk assessment:
A risk assessment combines two techniques: risk analysis and risk evaluation.

Risk Evaluation:
A risk evaluation compares the estimated risk with a set of risk criteria. This is done in order to determine how significant the risk really is. The estimated risk is established by means of a risk analysis.

Risk Management:
Risk management is a process that includes four activities: risk assessment, risk acceptance, risk treatment and risk communication. Risk management includes all of the activities that an organization carries out in order to manage and control risk.

Risk Treatment:
Risk Treatment is a decision making process. For each risk, risk treatment involves choosing amongst at least four options: accept the risk, avoid the risk, transfer the risk, or reduce the risk. In general, risks are treated by selecting and implementing measures designed to modify risk.
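To make the chain of definitions above concrete (risk analysis estimates the risk from probability and impact, risk evaluation compares that estimate with the risk criteria, and risk treatment chooses among accept, avoid, transfer or reduce), here is an added example in Python that is not part of the original page. The 1 to 5 scales, the acceptance threshold, the treatment decision rules and the sample assets, owners and events are constructed assumptions for illustration, not values prescribed by ISO/IEC 27001.

```python
"""Worked risk register: risk analysis -> risk evaluation -> risk treatment.

Added example, not part of the original glossary. The 1..5 scales, the
risk criteria and the treatment rules are constructed assumptions.
"""
from __future__ import annotations

from dataclasses import dataclass
from enum import Enum


class Treatment(Enum):
    """The four treatment options named in the glossary."""
    ACCEPT = "accept"
    AVOID = "avoid"
    TRANSFER = "transfer"
    REDUCE = "reduce"


@dataclass(frozen=True)
class Risk:
    asset: str          # the thing of value (information, system, network ...)
    owner: str          # person formally responsible for the asset's security
    event: str          # the threat or event that could have a harmful impact
    probability: int    # likelihood of the event: 1 (rare) .. 5 (almost certain)
    impact: int         # consequence if it occurs: 1 (negligible) .. 5 (severe)


# Constructed risk criteria (the organisation's appetite), used by risk evaluation.
ACCEPTABLE_LEVEL = 6        # estimated risk at or below this value is acceptable
CATASTROPHIC_IMPACT = 5     # impact level treated as catastrophic


def analyse(risk: Risk) -> int:
    """Risk analysis: estimate the risk as probability x impact."""
    if not (1 <= risk.probability <= 5 and 1 <= risk.impact <= 5):
        raise ValueError(f"{risk.asset}: probability and impact must be on the 1..5 scale")
    return risk.probability * risk.impact


def evaluate(estimated: int) -> str:
    """Risk evaluation: compare the estimated risk with the risk criteria."""
    if estimated <= ACCEPTABLE_LEVEL:
        return "acceptable"
    if estimated <= 15:
        return "significant"
    return "critical"


def select_treatment(risk: Risk, estimated: int) -> Treatment:
    """Risk treatment: choose among accept / avoid / transfer / reduce.

    Constructed decision rules: accept what is within appetite, avoid what is
    both likely and catastrophic, transfer (insure/outsource) what is rare but
    catastrophic, and reduce everything else with controls.
    """
    if estimated <= ACCEPTABLE_LEVEL:
        return Treatment.ACCEPT
    if risk.impact >= CATASTROPHIC_IMPACT and risk.probability >= 4:
        return Treatment.AVOID
    if risk.impact >= CATASTROPHIC_IMPACT and risk.probability <= 2:
        return Treatment.TRANSFER
    return Treatment.REDUCE


def assess(register: list[Risk]) -> list[dict]:
    """Risk assessment = risk analysis + risk evaluation, then the treatment decision.

    The returned rows are the record: objective evidence of what was decided.
    """
    rows = []
    for r in register:
        est = analyse(r)
        rows.append({
            "asset": r.asset,
            "owner": r.owner,
            "event": r.event,
            "estimated_risk": est,
            "evaluation": evaluate(est),
            "treatment": select_treatment(r, est).value,
        })
    return rows


# Constructed sample register (hypothetical assets, owners and events).
SAMPLE_REGISTER = [
    Risk("customer database", "head of IT", "unauthorised disclosure", 3, 5),
    Risk("office printer", "facilities manager", "hardware failure", 4, 1),
    Risk("payment gateway", "CFO", "prolonged outage", 4, 5),
    Risk("data centre", "head of IT", "fire", 2, 5),
    Risk("intranet wiki", "IT operations", "data loss without backup", 3, 3),
]

if __name__ == "__main__":
    for row in assess(SAMPLE_REGISTER):
        print(row)
```

Running the block prints one row per risk; for the constructed register the estimated risks are 15, 4, 20, 10 and 9, and the treatments chosen are reduce, accept, avoid, transfer and reduce. The analysis step rejects values outside the 1 to 5 scale so that an inconsistent register cannot silently produce a misleading estimate.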
