Here are some key terms that will help you in the process of becoming ISO/IEC 27001 certified:
Asset – something that has value to the organization. An asset extends beyond physical goods or hardware, and includes software, information, people, and reputation.
Attack – an attempt to compromise an asset by various means, including destroying, exposing, altering, or gaining unauthorized access to an asset.
Authentication – a mechanism for verifying that an entity actually possesses the characteristic (for example, an identity) it claims to possess.
Business Continuity – the procedures and processes that keep critical business operations running, or restore them within agreed time limits, during and after a disruptive incident.
Control – a measure that modifies risk. Controls include policies, procedures, guidelines, practices, technical mechanisms, and organizational structures.
Corrective Action – an action that eliminates the cause of a nonconformity and prevents it from recurring.
Information Asset – data or other knowledge that has value to an organization.
Information Security Event – an identified occurrence in a service, system, or network that indicates a possible breach of information security policy or failure of controls, or a previously unknown situation that may be security-relevant.
Information Security Incident – a single information security event, or a series of them, that is unwanted or unexpected and has a significant probability of compromising business operations or threatening information security.
Information Security Management System (ISMS) – the part of the overall management system, based on a business risk approach, that establishes, implements, operates, monitors, reviews, maintains, and improves information security.
Non-repudiation – the ability to prove that a claimed event or action occurred and which entities originated it, so that the originator cannot later deny it.
Statement of Applicability – a documented statement listing the controls that are relevant and applicable to an organization’s ISMS, with the justification for including each one, whether it is implemented, and the justification for excluding any Annex A control.
Threat – the potential cause of an incident that may result in a breach of information security or compromise business operations.
Vulnerability – a weakness of an asset or control that can be exploited by one or more threats.