Information security is the practice of protecting information by mitigating the risk of cyber-attack. It typically includes preventing or reducing the possibility of unauthorized or inappropriate access to data, unlawful use, disclosure, or disruption. The concept also covers the various procedures that aim to minimize the negative effects of such incidents and threats. These threats may originate from human behavior, which can cause wide damage to the organization's data assets. Thus, the primary focus of information security is the balanced protection of the confidentiality, integrity and availability of data while maintaining effective use of the organization's systems. International standards related to information security, such as ISO/IEC 27001, emphasize effective implementation of information security policies and applications without hampering the productivity of the organization. This research seeks to draw up a set of practical rules to be established within an organization in order to preserve cybersecurity objectives and protect data, specifically from human-error incidents. The rules are based on ISO/IEC 27001, and their application within organizations will raise employees' awareness of their behavior in order to reduce the impact of such incidents on the organization's systems and data.
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.