Pursuant to the ISO/IEC 27001 standard, information security is protection of information from a wide range of threats. Its goal is to:
• ensure continuity of business processes,
• minimize losses and
• maximize return on investments.
Information is increasingly processed electronically by means of computers and other ICTs. Anything that could disrupt this information, either directly or by means of an attack on the technical device or environment where the information is processed, is called a threat. Many factors can threaten ICTs or take them out of action and damage the processed data. These include natural elements, technical failures, human error, malware, organized attacks, computer crime, and international terrorism, any of which could cause serious security problems. Failure to secure information can cause irrevocable losses and disruption of trust in the organization.
Information security aims to minimize the possibility of threats and, if they do arise, to minimize their influence, which is critical for both public and private sectors.
One of the ways to eliminate the possible impact of threats on information technologies is to perform an internal audit of information security pursuant to the ISO/IEC standard.