This article provides an overview of the ITIL process Information Security Management.

Information security management is responsible for, and manages, all IT security activities. It ensures that the confidentiality, integrity and availability of information are aligned with an organisation’s requirements. This in turn ensures that the information can be relied upon.

The ‘CIA’ acronym is commonly used to remember the 3 important areas of information security management:

a) Confidentiality – The information is only available to those authorised to see it.
b) Integrity – The information is complete and accurate.
c) Availability – The information is available when required.

The controls, policies and processes put in place around information security management depend on the organisation’s needs, regulation and risk appetite.

Further advice and information is available, including:

a) Policies.
b) Risk assessments.
c) Information security management systems.
d) Management of security breaches and incidents.

For more information please contact Morland-Austin at