Global Information Security Management System (GISMS) is a framework consisting of strategy, policy, standard, process and the associated people and the data managed collectively by a security business to ensure the confidentiality, integrity and the availability of information assets. Provides an efficient, effective and sustainable approach that can be replicated throughout the security aspect. The effectiveness of performance evaluating approach then depends entirely on the accuracy of data and its analysis.

Risk management is the key of success in a modern security world and the core of risk management is risk assessment process. Risk assessment comprises of risk identification, risk analysis, risk evaluation and then to determine what method to use in treating risks. All of these take place in a context, and it is important to define the context of communicating and consulting internally and externally, and of course monitoring and review are of paramount importance.