With increasingly powerful software and hardware, growing use, network connections and especially public access to the Internet, the need to ensure the security of data and equipment increases. At the same time, there has been massive development in the security of information systems which can be seen in the publishing of multiple new international standards in this area. Furthermore, the demands of the legislations in this area have grown, especially concerning the handling of personal information.

The main aspects of information security
Information is a valuable asset and therefore needs appropriate protection. It can be in various forms, e.g. printed or written on paper, stored electronically, displayed on film or verbal. Information should always be protected appropriately, regardless of how it is used or stored.
Information security means that information is protected against a variety of threats in order to ensure business continuity, minimize damage and maximize performance. Information security can be seen as a way to keep:

•    Confidentiality, i.e. the guarantee that information is only available to those who have the authority. Sensitive information must be protected against unauthorized publication, access and interception.
•    Integrity, i.e. maintaining the accuracy and integrity of information and processes. It must be ensured that the information is correct and undamaged and that software works properly.
•    Availability, i.e. ensuring that information and services are accessible, when needed, to users with the correct authority.

Implementation of information security involves several factors such as risk assessment, the making of organizational manuals, the making of plans for business continuity and policy formulation.

Information security is also the preservation of other properties such as the traceability of information, reliability, responsibility and invulnerability.

By implementing information security standards, it is attempted to ensure all the above factors with audits and reviews of the procedures of the company or institution concerned.

The challenges of the international security standards ISO/IEC 27002:2005 and ISO/IEC 27001:2005 are not only the information systems themselves, but also all the work and equipment associated with them. Thus, it is important to define how the users treat information and systems, and to set rules of procedures concerning that treatment.