Information security is the protection of information to ensure:
Information security is achieved by applying a suitable set of controls (policies, processes, procedures, organizational structures, and software and hardware functions).
An Information Security Management System (ISMS) is a management system that uses a systematic business risk approach to establish, implement, operate, monitor, review, maintain, and improve information security. It is an organisational approach to information security. ISO/IEC 27001 (BS 7799) is a standard for information security that focuses on an organisation's ISMS.