Information system security is a field of information security in which measures and standards are defined for information that is processed, stored or transmitted, so that it remains available to authorized users. Information system security encompasses the protection of the confidentiality, integrity and availability of information.
Although its focus is on digital data, information system security also covers the protection of information held on other media, such as paper. Protection applies equally to oral and written information, to information in transit, and to information stored on different types of storage media. Information system security is a subset of the practices that make up information security in general.
Throughout the planning, projecting, design, use, maintenance and end of life of an information system, physical, technical and administrative measures are applied in accordance with prescribed information security standards.
Information system security is managed during the entire information system’s life cycle.
Information system security is also a subset of the practices that ensure full protection of information and information system risk management. These include the implementation of information security measures during information system planning and implementation, business continuity, log file management and threat analysis. Good engineering practices are based on international standards such as ISO/IEC 27002, ISO/IEC 15408 and CobiT, and on guidelines issued by the European Union (EU) and the North Atlantic Treaty Organization (NATO).