|Year of Declaration||2009|
|Number of Pages||115|
Establishes guidelines and general principles for initiating, implementing maintaining, and improving information security management in an organization. The objective outlined in this standard provides general guidance on the commonly accepted goals of information security management. The control objectives and controls of this standard are intended to be implemented to meet the requirements identified by a risk assessment. This standard may serve as a practical guideline for developing organizational security standards and effective security management practices and to help build confidence in inter-organizational activities.