– Managing information assets, determining the security values, needs and risks of assets, developing and implementing controls for security risks
– Define a framework for identifying information assets, their value, security needs, vulnerabilities, threats to assets and methods for determining the frequency of threats.
– To define a framework for assessing the confidentiality, integrity and availability impacts of threats on assets.
– To set out the working principles for the processing of risks.
– Continuously monitor risks by reviewing technological expectations in the context of the scope served
– Arising from national or international regulations to which it is subject, fulfilling the requirements of legal and relevant legislation, agreements
To ensure the information security requirements arising from meeting its obligations and corporate responsibilities towards internal and external stakeholders.
– Reducing the impact of information security threats to service continuity and contributing to continuity
– To have the competence to quickly intervene in information security incidents that may occur and minimize the impact of the incident
– To maintain and improve the level of information security over time with a cost-effective control infrastructure.
– Improving corporate reputation and protecting it from negative impacts based on information security
– Ensuring the continuity of the Information Security Management System
– To continuously improve the Information Security Management System
