ABSTRACT
An information security management system implements IS measures or controls and provides monitoring for reporting purposes to decision-making bodies. As a vital resource in the digital economy, information must be protected. Companies realize the importance of being able to ensure its availability, confidentiality, and integrity. Information exists nowadays in multiple formats; it is stored on different media and exchanged through uncontrolled networks. Security governance is an integral part of corporate governance. Remember that there is no single or commonly accepted definition of the term governance. It can be summarized as a set of activities and responsibilities aimed at achieving the objectives that a company has set by satisfying the needs of all stakeholders. Security measures must be integrated into business processes, rely on a defined program, and comply with legal and regulatory frameworks. A strategy cannot be validated solely by members of the board of directors or management without the involvement of the business managers, the CISO, and even the operations managers.