The objective of the information security management is to provide effective control and monitoring of the information security for all service activities. The standard refers to the Code of Practice ISO/IEC 27001 which forms a good basis for implementation of the information security.

Information security is a system of guidelines and procedures for identifying, controlling and protecting information and all operating materials associated with its/their storage, transfer and processing. Best practice recommendations for meeting the requirements demanded of information security management have become established in the following structure:

• IT security basic principles
• Identification and classification of information assets
• Security risk assessment
• Controls (monitoring, guidance measures)
• Documents and records as proof 

For comparison see the Information Security Management Process according ITIL V3.