Managing information assets, determining the security values, needs and risks of assets, developing and implementing controls for security risks.
To define the framework that will determine the methods for determining information assets, values, security needs, vulnerabilities, threats to assets, and frequency of threats.
Define the framework for assessing the confidentiality, integrity, accessibility effects of threats on assets.
To set out the working principles for handling risks.
To monitor the risks continuously by reviewing the technological expectations in the context of the scope of service.
To meet the information security requirements arising from the national or sectoral regulations to which it is subject, fulfilling the legal and relevant legislation requirements, meeting the obligations arising from the agreements, and corporate responsibilities towards internal and external stakeholders.
Reducing the impact of information security threats on business / service continuity
To ensure that we have the competence to respond effectively and quickly to information security incidents that may occur and to minimize the effects of the incidents.
To improve the corporate reputation; to protect the institution from the negative effects that may arise from information security breaches.
To increase the awareness of the information security of the employees.
To provide information management in accordance with TSE 27001 Information Security standard.
