Provides recommendations for information security management. Intended for provision of a common basis for organizations to develop, implement and measure effective security management practice and for provision of confidence in interorganizational dealings.