International Federation for Information Processing


WG11.1 - Information Security Management est. 1985, revised 1992, reconfirmed 2006


As management, at any level, may be increasingly held answerable for the reliable and secure operation of the information systems and services in their respective organisations in the same manner as they are for financial aspects of the enterprise, the Working Group will promote all aspects related to the Management of Information Security.

These aspects cover a wide range, from purely managerial aspects concerning Information Security, (like upper management awareness and responsibility for establishing and maintaining the necessary policy documents), to more technical aspects (like risk analysis, disaster recovery and other technical tools) to support the Information Security management process.


  • to study and promote methods to make senior business management aware of the value of information as a corporate asset, and to get their commitment to implementing and maintaining the necessary objectives and policies to protect these assets;
  • to study and promote methods and ways to measure and assess the security level in a company and to convey these measures and assessments to management in an understandable way;
  • to research and develop new ways to identify the Information Security threats and vulnerabilities which every organisation must face;
  • to research and identify the effect of new and changed facilities and functions in new hardware and software on the management of Information Security;
  • to study and develop means and ways to help information security managers to assess their effectiveness and degree of control;
  • to address the problem of standards for Information Security.

Statement Of Case

There is a growing trend for senior business management to be held answerable for the reliable and secure operation of their information systems, as they are for control of their financial aspects. Information Security is, and should always be, upper management responsibility. Information security professionals and WG 11.1 in particular, should therefore be responsible for the development of all types of tools, mechanisms and methods to support top management in this new responsibility.