An international standard for information security management systems that specifies requirements for establishing, implementing, and continually improving security management.