This international standard was created to provide a model to establish, implement, monitor, review and maintain an information security management system (ISMS).
The approach to the information security management process presented in this standard encourages users to emphasize the importance of:
- Understanding the information security requirements of an organization and the need to establish a policy and objectives for information security.
- Implementing and operating controls for information security risk management.
- Monitoring and reviewing the performance and effectiveness of the ISMS.
- Continuous improvement based on the measurement of the objective.