Management of IT Security (IT Security Management) is the process for managing a predefined level of security for services and infrastructure. IT Security Management ensures that: security controls are implemented and managed to address specific changes, such as changes in the demands of the business and/or IT services, changes in elements of IT, etc.; incidents related to security (security incidents) are managed; audit results show the adequacy of the security controls and measures taken; and reports showing the state of information security are produced.
Top Management is responsible to shareholders for security and for defining the relevant policy. It is also responsible for initiating the appropriate actions to keep the likelihood of a security incident at acceptable levels. IT Security Management is governed by rules that support the business decision to invest in information security and related processes. These rules shall provide Management with guidelines and indications of the relative importance of the various aspects of the organization, and define what is punishable and what is not in the use of ICT systems and data. Each organization must have an information security policy that is widely distributed, shared by everyone within the organization, and actively reinforced and revised.

The process covers the full information lifecycle, from the collection of customer requirements through planning, implementation, evaluation and maintenance, under a control structure and with a regular report to the customer on the state of security. Risk and vulnerability assessment, together with the management and implementation of countermeasures at reasonable cost to reduce vulnerability and risk to a level acceptable to the business (risk management), are intrinsic elements of all activities within the IT Security Management process. These activities must be closely coordinated with all other areas of Service Management, especially with the Availability and IT Service Continuity Management processes.