Defines the critical aspects needed for successful design and implementation of an Information Security Management System (ISMS) in accordance with ISO/IEC 27001:2005. It also explains the process of ISMS specification and design from inception to the production of implementation plans.