An Information Security Management System (ISMS) is a systematic approach to managing the security of information assets. It includes policies, procedures, plans, processes, practices, roles, responsibilities, structures and resources. Some of the major ISMS objectives are to:
- Ensure the confidentiality, integrity and availability of information assets
- Ensure privacy and gain the trust of customers/users
- Establish a cost-effective and consistent information security structure
- Help to detect, respond to, and recover from security incidents
- Provide a mechanism to mitigate the risks to information and the business damage from incidents
- Reduce potential losses from security breaches
An ISMS pursues these objectives by following the traditional Deming cycle of "Plan, Do, Check and Act".