Information security (IS) management involves the implementation of policies, procedures and controls to protect an organisation’s information assets. Organisations typically achieve this by adopting one or more information security frameworks, such as ISO 27001 or the NIST Cybersecurity Framework.
IS management is an increasingly important component in an organisation’s overall risk management programme.
Key functions and roles involved typically include security policy development, incident response and vulnerability management.