Better to start with Information Security, we first know what is Information. Information is an asset that has value to the organization's business. In sort we can say asset which has some value to organization is called information. The information may be in any form of hard, soft or spoken in conversation. If an asset that has some value i.e. information, consequently needs some appropriate protection. Security is a protection to any thing. So Information security is protection of organizational valuated assets from any kind of treats, to ensure low business risk, business continuity and maximum benefits from the investments. Security may concern from outsiders (e.g. Hacker), or insiders (e.g. Disgruntled Employee). Information Security can achieved by set of policy, procedures & process i.e. controls. The Information Security is covered under ISO-27001:5000. Hrishikesh Dubey Information Security Consultant New Delhi, India.