The key asset of an information system is the information it generates, stores, processes and disseminates. Information security is the practice of protecting information from unauthorized or illegal access, disclosure, disruption, modification, or destruction to ensure confidentiality, integrity, and availability (CNSS, 2010). ISO/IEC (2016) defines information security as: “The preservation of the confidentiality, integrity and availability of information. Additionally, other properties, such as authenticity, accountability, non-repudiation, and reliability, may also be involved. » The foundations of security are based on the three fundamental principles or security attributes of confidentiality, integrity and availability (Commission of the European Communities, 1991). They are also called the CIA triad. Confidentiality is the property that prevents the disclosure of information to unauthorized persons, entities, or processes. Integrity means that information is not modified in an unauthorized manner. users when necessary. Besides these three concepts, five other attributes have been included as an extension of the CIA triad: accountability, auditability, authenticity, non-repudiation and confidentiality.