The mixture of all of those principles is not going to guarantee security for a corporation, nevertheless it puts the organization in a better place to defend itself from infosec threats. Risk management – the method of identifying, assessing and controlling risks to an organization’s IT environment. Defense in depth – a method that uses a number of countermeasures to protect information and is predicated on the army principle that it’s more difficult for an enemy to beat a multilayered protection system than it’s to beat a single layer.

security management system is very good however the public sector even personal sector some sorts of speech is going on which could be very bad...