This paper discusses the role and importance of effective Information Security Management (ISM), how it is supported by an extensive family of global standards, and the way these harmonize with ITIL.
The paper discusses the contents and purposes of global standards, best-practice guidance and organizational policies and procedures, the relationships between them, and their part in creating effective ISM. There is no longer a separate ITIL publication on Security Management, so the paper explores the role of ISM within ITIL and how ITIL and the available ISM standards and guidance are aligned and can work together. ISM content in ITIL is mapped to the ISO/IEC standards.
In Appendix D, the paper summarizes the key findings of the committees set up to examine recent serious security failings in the public sector. Their recommendations are valuable and as applicable to commercial business as they are to government departments.