Information Security Management System:
It is a management system based on a systematic business risk approach. It is a system designed to establish, implement, operate, monitor, review, maintain, and improve information security in the Organization. Information Technology related security has become increasingly important and is inevitable part of the day-to-day activities.

Risk Assessment:
It is an important step in protecting the business as well as complying under law. It is a means of providing decision makers with information needed to understand factors that can affect the operations and outcomes of the business and mitigate by making informed judgment concerning the extent of actions needed to reduce risk. As reliance on computer systems and electronic data has grown, information security risk has joined the array of risks that businesses must manage.