Please note that the content of this book primarily consists of articles available from Wikipedia or other free sources online. An information security management system (ISMS) is a set of policies concerned with information security management or IT-related risks. The idioms arose primarily out of ISO 27001. The governing principle behind an ISMS is that an organization should design, implement and maintain a coherent set of policies, processes and systems to manage risks to its information assets, thus ensuring acceptable levels of information security risk. As with all management processes, an ISMS must remain effective and efficient in the long term, adapting to changes in the internal organization and external environment.