The purpose of the ISM process is to align IT security with business security and ensure that information security is effectively managed in all service and
Service Management activities, such that:
• Information is available and usable when required (availability)
• Information is observed by or disclosed to only those who have a right to know (confidentiality)
• Information is complete, accurate and protected against unauthorized modification (integrity)
• Business transactions, as well as information exchanges, can be trusted (authenticity and nonrepudiation).
