Information Security Management relates to all types of information, be it paper-based, electronic or other. It determines how information is processed, stored, transferred, archived and destroyed.

A secure information management system is one, which ensures:

• confidentiality: so that only those who are authorized to see the information have access to it
• integrity: so that the accuracy and completeness of the information is safeguarded by robust sourcing, processing, updating and storage processes
• availability: so that authorized users have access to information and associated assets, in the required forms, when they need it.

Information Security Management is about the protection of information assets from potential security breaches. It starts with reviewing risks, setting policies, processes and controls, and by implementing them throughout the organization.

A global standard for Information Security Management

Recognition of the importance of Information Security Management is now widespread. In consideration of this, a new Standard outlining the criteria for effective Information Security Management practice has been released. The Standard ISO/IEC 27001:2005 enables organizations to align with global standards of best practice information security management. They offer organizations a practical framework and functional guidelines to assist with the improvement of information security and to be recognized accordingly – worldwide. Originally developed by major international industry organizations, the standard has been improved and refined to ensure widespread practical application at international levels – and ISO 27001 is now globally recognized as the standard against which organizations can be certified.