The security of data and information is of vital importance to any organization and it is therefore a business decision as to what information should be protected and to what level. The business's approach to the protection and use of data should be contained in a security policy to which everyone in the organization should have access and the contents of which everyone should be aware. The system in place to enforce the security policy and ensure that the business's IT security objectives are met is known as the Information Security Management System (ISMS). Information Security Management supports corporate governance by ensuring that information security risks are properly managed.

management information system

Both general management and IT management are responsible for implementing information security that protects the organization's ability to function. although many business and government managers shy away from addressing information security because they perceive it to be a technically complex task, in fact, implementing information security has more to do with management than with technology. Just as managing payroll has more to do with management than with mathematical wage computations, managing information security has more to do with policy and its enforcement than with the technology of its implementation.

Principles of Information Security 4th edition

The five major achievements of operating system are in the areas of

Process

Memmory Management

Information protection and security

Scheduling and Resource management

System Structure

ISMS composes of policies that focuses on the information security of an organization or business entity. It primarily aims to provide a secured management system for IT related risks and compliances when it comes into confidentiality of information that every organization of business have. The ISMS is closely related to the ISO 27001 standard that also aims to provide secure IT management process for an organization or business.