ABSTRACT
Information Security Management entails the identification of an organization’s information assets and the development, documentation, and implementation of policies, standards, procedures, and guidelines, which ensure their availability, integrity, and confidentiality. Management tools such as data classification, security awareness training, risk assessment, and risk analysis are used to identify the threats, classify assets, and rate their vulnerabilities so that effective security controls can be implemented.
