This Recommendation | International Standard provides concepts and guidance on principles and processes for the governance of information security, by which organisations can evaluate, direct and monitor the management of information security. This International Standard is applicable to all types and sizes of organisations.