In this book (updated in 2026), the following subjects are included: information security, the risk assessment and treatment processes (with practical examples), the information security controls, the many information security legislation requirements (gdpr, Nis, Ia, etc.). The text is based on the 2022 editions of the ISO/IEC 27001 and the ISO/IEC 27002 standards. The author is a participant to the editing meetings for these standards. Appendixes include short presentations on auditor managmeent, on ISO/IEC 27001 certifications and check lists for change management, contracts and for the transition from the 2013 to the 2022 controls.