Legal, regulatory and contractual requirements increase regularly. Organisations can manage these processes by implementing an information security management system. There are a number of management frameworks that support business activities including COBIT 5, ISO/IEC 27001 and NIST.

Information security uses risk management processes to identify threats and vulnerabilities. Security incidents and breaches can be managed effectively through the implementation of information security controls in an ISMS.