An Information Security Management System (ISMS) is a systematic approach to managing the security of information assets. It includes policies, procedures, plans, processes, practices, roles, responsibilities, structures and resources. Some of the major ISMS objectives are to:

1. Ensure the confidentiality, integrity and availability of information assets
2. Ensure privacy and gain the trust of customers/users
3. Establish a cost effective and consistent information security structure
4. Help to detect, respond to, and recover from security incidents
5. Provide a mechanism to mitigate the risks to information and the business damage from incidents
6. Reduce potential losses from security breaches

 

by following the traditional Deming cycle of "Plan, Do, Check and Act"