ISO/IEC 27000:2018(E) Information technology -Security techniques — Information security management systems-overviewand vocabulary

ISO/IEC 27000:2018(E) Information technology -Security techniques — Information security management systems-overviewand vocabulary 1 scope This document provides the overview of information security management systems (1SMS). It alsoprovides terms and definitions commonly used in the ISMs family of standards. This document isapplicable to all types and sizes of organization (e.g.commercial enterprises, government agencies, not-for-profit organizations). The terms and definitions provided in this document - cover commonly used terms and definitions in the ISMS family of standards; - do not cover all terms and definitions applied within the ISMS family of standards; and-do not limit the ISMS family of standards in defining new terms for use. 2Normative references There are no normative references in this document. 3Terms and definitions lS0 and IEC maintain terminological databases for use in standardization at the following addresses:- ISO online browsing platform: available at https://www.iso.org/obp —IEC Electropedia: available at https:.//www.electropedia.org/ 3.1 access control means to ensure that access to assets is authorized and restricted based on business and securityrequirements ([3.56] 3.2 attack attempt to destroy, expose, alter, disable, steal or gain unauthorized access to or make unauthorizeduse of an asset 3.3 audit systematic, independent and documented process (3.54) for obtaining audit evidence and evaluating itobjectively to determine the extent to which the audit criteria are fulfilled