Abstract:
Given the evolution of information technologies and their direct relationship with the business objectives of organizations, the universe of threats and vulnerabilities increase, then is necessary to protect one of the most important assets of the organization, The information, ensuring always the availability, confidentiality and integrity of it. The most appropriate way to protect information assets is through proper risk management, achieving identify and focus efforts on those elements that are most exposed.
Implementing a Information Security Management System guarantees to organization that adopt the best practices recommended by the ISO 27001:2005 for the proper treatment of risk. Then we are going to show a successful case in the implementation of an ISMS and their respective certification under the ISO 27001:2005