What is the purpose of the ‘information security management’ practice?
Protecting an organization by understanding and managing risks to the confidentiality, integrity, and availability of information
Ensuring that services achieve agreed and expected performance levels, satisfying current and future demand in a cost-effective way
Ensuring that services deliver agreed levels of availability or that change can be assessed
Systematically observing services and service components and recording and reporting selected changes of state identified as events