ISMS is for organizations to operate a system for organizational management by applying technical measures to specific information security problems, as well as defining the necessary security levels through risk assessment for themselves, preparing the plan and allocating the resources.