Information Security Management (ISM) deals with the implementation and monitoring of a predefined security level for the IT environment. In particular, it addresses areas such confidentiality, integrity and availability. Risk analysis, as the starting point, helps to define the customer requirements on a security level. An internal, minimal security requirement is named IT basic protection. Additional security requirements of the customer are defined on an individual basis.