The goal of information security management is to protect an organization's information assets from security threats by implementing measures to ensure confidentiality, integrity, and availability of data. It involves establishing policies, procedures, and controls to safeguard information and mitigate risks. Ultimately, the aim is to maintain the confidentiality, integrity, and availability of information to support the organization's goals and objectives.

You can find information about security risk management at the SANS Institute website. You can also find more information at the Enisa Europa website.

The purpose of Information Security Management is primarily to be a focal point for the management of all activities concerned with information security. This is not just about protecting information resources today. It is about putting in place, maintaining and enforcing an effective Information Security Policy. It is about understanding how the business will develop, anticipating the risks it will face, articulating how legislation and regulation will affect security requirements and making sure that Information Security Management is able to meet these challenges of the future.

Both general management and IT management are responsible for implementing information security that protects the organization's ability to function.

Teamquest offers information about ITIL security management. Using the ITIL Security Management process framework provides common, well-understood concepts in order for people to clearly understand the reasons behind the security policies and procedures.