This book is intended for anyone who wants to prepare for the Information Security Foundation based on ISO / IEC 27001 exam of EXIN. All information security concepts in this revised edition are based on the ISO/IEC 27001:2013 and ISO/IEC 27002:2022 standards. A realistic case study running throughout the book usefully demonstrates how theory translates into an operating environment. In all these cases, knowledge about information security is important and this book therefore provides insight and background information about the measures that an organization could take to protect information appropriately. Sometimes security measures are enforced by laws and regulations. This practical and easy-to-read book clearly explains the approaches or policy for information security management that most organizations can consider and implement. It covers: • The quality requirements an organization may have for information • The risks associated with these quality requirements • The countermeasures that are necessary to mitigate these risks • How to ensure business continuity in the event of a disaster • When and whether to report incidents outside the organization.