Information Security Management - ITIL Concepts

What is Information Security Management?

Information Security Management (ISM) ensures the confidentiality, authenticity, integrity and availability of the organization's data and IT services. It also ensures the responsible use of the organization's information resources and the appropriate management of information security risks. The process owner is the Information Security Manager.

Information security is considered to be met when:

  • Only authorized persons can observe or disclose the information.
  • The information is complete, accurate and protected against unauthorized access.
  • The information is available whenever required, and the systems providing it can resist attacks and can prevent or recover from failures.
  • Business transactions and the exchange of information between partners and enterprises can be trusted.

What is ISM Security Policy?

ISM security policies cover all areas of security, are appropriate, and meet the needs of the business. They include the following policies:

[Figure: ISM Security Policy]

What is ISM Framework?

The complete process of Information Security Management (ISM) is shown below:

[Figure: ISM Framework]

What are the Key elements in ISM Framework?

The key elements of the ISM framework include:


The objectives of the Control element are to:

  • Establish an organization structure to approve and implement the information security policy.
  • Allocate responsibilities.
  • Establish and control documentation.


This element devises and recommends appropriate security measures, based on the requirements of the organization.


This element ensures that appropriate procedures, tools and controls are in place to underpin the security policy.


The objectives of the Evaluation element are to:

  • Carry out regular audits of the technical security of the IT systems.
  • Supervise and check compliance with the security policy and the security requirements in the SLAs and OLAs.


The objectives of the Maintain element are to:

  • Improve the security agreements as specified in the SLAs and OLAs.
  • Improve the implementation of the security measures and controls.


This element prevents security incidents from occurring, through measures such as access rights, authorization, identification, authentication and access control.


This element minimizes any possible damage.


This element helps detect any security incident as early as possible.


This element counteracts any repetition of a security incident.


This element repairs the damage as soon as possible.

All rights reserved © 2018 Wisdom IT Services India Pvt. Ltd