Date Added: May 2009
This paper discusses the role and business importance of effective Information Security Management (ISM), how it is supported by an extensive family of global standards, and the way these harmonize with ITIL. The intended readership is business and IT managers familiar with or interested in ITIL. The paper discusses the contents and purposes of, and relationships between, global standards, best-practice guidance, and organizational policies and procedures in the creation of effective ISM. There is no longer a separate ITIL publication on Security Management, so the paper explores the role of ISM within ITIL and how ITIL and the available ISM standards and guidance are aligned and can work together. ISM content in ITIL is mapped to the ISO/IEC standards.