What is Information Security Management?
Information security management describes the set of policies and procedural controls that IT and business organizations implement to secure their informational assets against threats and vulnerabilities.
Responsibility for information security may be assigned to a Chief Security Officer, Chief Technical Officer, or to an IT Operations manager whose team includes IT operators and security analysts.
Many organizations develop a formal, documented process for managing InfoSec – often called an Information Security Management System, or ISMS.